Configuring OAuth 2.0 for Microsoft Azure DevOps Services
To enable users to work with a remote Git repository that is hosted on Microsoft Azure Repos:
-
Set up the Microsoft Azure DevOps Services OAuth App (OAuth 2.0).
-
Apply the Microsoft Azure DevOps Services OAuth App Secret.
Setting up the Microsoft Azure DevOps Services OAuth App
Set up a Microsoft Azure DevOps Services OAuth App using OAuth 2.0.
-
You are logged in to Microsoft Azure DevOps Services.
Third-party application access via OAuth
is enabled for your organization. See Change application connection & security policies for your organization. -
base64
is installed in the operating system you are using.
-
Enter the following values:
-
Company name:
Che
-
Application name:
Che
-
Application website:
https://<che_fqdn>/
-
Authorization callback URL:
https://<che_fqdn>/api/oauth/callback
-
-
In Select Authorized scopes, select Code (read and write).
-
Click Create application.
-
Copy the App ID and encode it to Base64 for use when applying the Microsoft Azure DevOps Services OAuth App Secret:
$ echo -n '<microsoft_azure_devops_services_oauth_app_id>' | base64
-
Click Show to display the Client Secret.
-
Copy the Client Secret and encode it to Base64 for use when applying the Microsoft Azure DevOps Services OAuth App Secret:
$ echo -n '<microsoft_azure_devops_services_oauth_client_secret>' | base64 -w 0
Applying the Microsoft Azure DevOps Services OAuth App Secret
Prepare and apply the Microsoft Azure DevOps Services Secret.
-
Setting up the Microsoft Azure DevOps Services OAuth App is completed.
-
The Base64-encoded values, which were generated when setting up the Microsoft Azure DevOps Services OAuth App, are prepared:
-
App ID
-
Client Secret
-
-
An active
kubectl
session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.
-
Prepare the Secret:
kind: Secret apiVersion: v1 metadata: name: azure-devops-oauth-config namespace: eclipse-che(1) labels: app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/component: oauth-scm-configuration annotations: che.eclipse.org/oauth-scm-server: azure-devops type: Opaque data: id: <Base64_Microsoft_Azure_DevOps_Services_OAuth_App_ID>(2) secret: <Base64_Microsoft_Azure_DevOps_Services_OAuth_Client_Secret>(3)
1 The Che namespace. The default is eclipse-che
.2 The Base64-encoded Microsoft Azure DevOps Services OAuth App ID. 3 The Base64-encoded Microsoft Azure DevOps Services OAuth Client Secret. -
Apply the Secret:
$ kubectl apply -f - <<EOF <Secret_prepared_in_the_previous_step> EOF
-
Verify in the output that the Secret is created.
-
Wait for the rollout of the Che server components to be completed.