You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When utilizing the command Connect-ADO with a scoped PAT, it seems to error out so it's not clear what the minimum permissions needed to connect without an error are. In some cases, perhaps not all, even though it throws an error, it still actually connects and returns an object.
Example: I created a PAT with a limited scope - specifically just for Work items (read, write, and manage) and encountered this error, but immediately was able to run get-adoproject:
.
Commands I'd expect to work with my limited PAT, do work... like this:
Get-ADOProject -Project CCI | Get-ADOWorkItem -id 1
Other commands definitely failed with an unauthorized error, but that is expected as that token doesn't have those scopes. An example would be Get-ADOBuild in this case.
Obviously some commands won't work without a full access token but those will throw an error as seen above. Depending on the task a user wants to do, I would expect a limited PAT to work during the Connect-ADO process and not throw an error. If a user wanted to automate or only work on work items or some specific component using this module, they may choose to secure their tokens by limiting their scope. Perhaps the connection can be re-worked a tad to be more aware of the minimum necessary scope to do any task so as long as that minimum scope is met, it instead appears as successful connection instead of an error.
The text was updated successfully, but these errors were encountered:
When utilizing the command Connect-ADO with a scoped PAT, it seems to error out so it's not clear what the minimum permissions needed to connect without an error are. In some cases, perhaps not all, even though it throws an error, it still actually connects and returns an object.
Example: I created a PAT with a limited scope - specifically just for Work items (read, write, and manage) and encountered this error, but immediately was able to run
get-adoproject
:Commands I'd expect to work with my limited PAT, do work... like this:
Get-ADOProject -Project CCI | Get-ADOWorkItem -id 1
Other commands definitely failed with an unauthorized error, but that is expected as that token doesn't have those scopes. An example would be
Get-ADOBuild
in this case.Obviously some commands won't work without a full access token but those will throw an error as seen above. Depending on the task a user wants to do, I would expect a limited PAT to work during the Connect-ADO process and not throw an error. If a user wanted to automate or only work on work items or some specific component using this module, they may choose to secure their tokens by limiting their scope. Perhaps the connection can be re-worked a tad to be more aware of the minimum necessary scope to do any task so as long as that minimum scope is met, it instead appears as successful connection instead of an error.
The text was updated successfully, but these errors were encountered: