Configuring OAuth 2.0 for Microsoft Azure DevOps Services

To enable users to work with a remote Git repository that is hosted on Microsoft Azure Repos:

  1. Set up the Microsoft Azure DevOps Services OAuth App (OAuth 2.0).

  2. Apply the Microsoft Azure DevOps Services OAuth App Secret.

OAuth 2.0 isn’t supported on Azure DevOps Server, see the documentation page.

Setting up the Microsoft Azure DevOps Services OAuth App

Set up a Microsoft Azure DevOps Services OAuth App using OAuth 2.0.

Prerequisites

  • You are logged in to Microsoft Azure DevOps Services.

    Third-party application access via OAuth is enabled for your organization. See Change application connection & security policies for your organization.
    Procedure

    1. Visit https://app.vsaex.visualstudio.com/app/register/.

    2. Enter the following values:

      1. Company name: Che

      2. Application name: Che

      3. Application website: https://<che_fqdn>/

      4. Authorization callback URL: https://<che_fqdn>/api/oauth/callback

    3. In Select Authorized scopes, select Code (read and write).

    4. Click Create application.

    5. Copy and save the App ID for use when applying the Microsoft Azure DevOps Services OAuth App Secret.

    6. Click Show to display the Client Secret.

    7. Copy and save the Client Secret for use when applying the Microsoft Azure DevOps Services OAuth App Secret.

Additional resources

Applying the Microsoft Azure DevOps Services OAuth App Secret

Prepare and apply the Microsoft Azure DevOps Services Secret.

Prerequisites

  • Setting up the Microsoft Azure DevOps Services OAuth App is completed.

  • The following values, which were generated when setting up the Microsoft Azure DevOps Services OAuth App, are prepared:

    • App ID

    • Client Secret

  • An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.

Procedure

  1. Prepare the Secret:

    kind: Secret
apiVersion: v1
metadata:
  name: azure-devops-oauth-config
  namespace: eclipse-che(1)
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: oauth-scm-configuration
  annotations:
    che.eclipse.org/oauth-scm-server: azure-devops
type: Opaque
stringData:
  id: <Microsoft_Azure_DevOps_Services_OAuth_App_ID>(2)
  secret: <Microsoft_Azure_DevOps_Services_OAuth_Client_Secret>(3)
    1 The Che namespace. The default is eclipse-che.
    2 The Microsoft Azure DevOps Services OAuth App ID.
    3 The Microsoft Azure DevOps Services OAuth Client Secret.

  2. Apply the Secret:

    $ kubectl apply -f - <<EOF
<Secret_prepared_in_the_previous_step>
EOF

  3. Verify in the output that the Secret is created.

  4. Wait for the rollout of the Che server components to be completed.