This sample shows how to prompt a user to authorize a cloud service that can call APIs on Azure DevOps on behalf of the user.
To learn more about OAuth in Azure DevOps, see Authorize access to Azure DevOps with OAuth 2.0
These instructions assume you will be deploying this sample app to an Azure web app. To learn more and to get started, visit Get started with Azure Web Apps and ASP.NET.
-
Register an OAuth client app in Azure DevOps (https://app.vsaex.visualstudio.com/app/register)
- The callback URL should be https://yoursite.azurewebsites.net/oauth/callback, where
yoursiteis the name of your Azure web app
- The callback URL should be https://yoursite.azurewebsites.net/oauth/callback, where
-
Clone this repository and open the solution
OAuthWebSample\OAuthWebSample.slnin Visual Studio 2015 or later -
Update the following settings in web.config to match the values in the app you just registered:
ClientAppIDClientAppSecret(use the "Client Secret" shown on the Azure DevOps Application Settings page, not the App Secret)Scope(space separated)CallbackUrl
-
Build the solution (this will trigger a NuGet package restore, which will pull in all dependencies of the project)
-
Publish the app to Azure
-
Navigate to your app (https://yoursite.azurewebsites.net)
-
Confirm your App ID, scope, and callback URL are displayed properly
-
Click Authorize
-
Sign in to Azure DevOps (if prompted)
-
Review and accept the authorization request
If everything is setup properly, Azure DevOps will issue an access token and refresh token and both values will be displayed. You should keep these values secret. Also a new authorization will appear in your profile page.
With the access token you can invoke Azure DevOps REST APIs by providing the access token in the Authorization header.
Authorization: Bearer {access token}