From 0a9a0c996e3343f38119256f5038ed3380dfe2d6 Mon Sep 17 00:00:00 2001 From: Matthew John Cheetham Date: Mon, 8 May 2023 10:23:43 -0700 Subject: [PATCH] azrepos: use OAuth tokens on DevBox by default Update the default for `credential.azreposCredentialType` or `GCM_AZREPOS_CREDENTIALTYPE` to `oauth` when on Microsoft DevBox. --- docs/configuration.md | 6 ++++-- docs/environment.md | 6 ++++-- src/shared/Microsoft.AzureRepos/AzureReposHostProvider.cs | 4 ++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/docs/configuration.md b/docs/configuration.md index 586ce7b89..084302b1b 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -751,11 +751,13 @@ Credential: "git:https://bob@github.com/example/myrepo" (user = bob) Specify the type of credential the Azure Repos host provider should return. -Defaults to the value `pat`. +Defaults to the value `pat`. In certain cloud hosted environments when using a +work or school account, such as [Microsoft DevBox][devbox], the default value is +`oauth`. Value|Description -|- -`pat` _(default)_|Azure DevOps personal access tokens +`pat`|Azure DevOps personal access tokens `oauth`|Microsoft identity OAuth tokens (AAD or MSA tokens) Here is more information about [Azure Access tokens][azure-tokens]. diff --git a/docs/environment.md b/docs/environment.md index fcdb7db65..9b75de8d4 100644 --- a/docs/environment.md +++ b/docs/environment.md @@ -840,11 +840,13 @@ export GCM_MSAUTH_USEDEFAULTACCOUNT="false" Specify the type of credential the Azure Repos host provider should return. -Defaults to the value `pat`. +Defaults to the value `pat`. In certain cloud hosted environments when using a +work or school account, such as [Microsoft DevBox][devbox], the default value is +`oauth`. Value|Description -|- -`pat` _(default)_|Azure DevOps personal access tokens +`pat`|Azure DevOps personal access tokens `oauth`|Microsoft identity OAuth tokens (AAD or MSA tokens) More information about Azure Access tokens can be found [here][azure-access-tokens]. diff --git a/src/shared/Microsoft.AzureRepos/AzureReposHostProvider.cs b/src/shared/Microsoft.AzureRepos/AzureReposHostProvider.cs index cc069e76e..3c59a370e 100644 --- a/src/shared/Microsoft.AzureRepos/AzureReposHostProvider.cs +++ b/src/shared/Microsoft.AzureRepos/AzureReposHostProvider.cs @@ -391,8 +391,8 @@ private static string GetAccountNameForCredentialQuery(InputArguments input) /// True if Personal Access Tokens should be used, false otherwise. private bool UsePersonalAccessTokens() { - // Default to using PATs - const bool defaultValue = true; + // Default to using PATs except on DevBox where we prefer OAuth tokens + bool defaultValue = !PlatformUtils.IsDevBox(); if (_context.Settings.TryGetSetting( AzureDevOpsConstants.EnvironmentVariables.CredentialType,