Can only auth with the personal access token. Username/password tokens always fail with 'Invalid Resource'

[ChrisMBarr]

Environment

Node version: 8.3.0
Npm version: 5.8.0
OS and version: Windows 10
vsts-node-api version: 6.5.0
TFS Version: Microsoft Visual Studio Team Foundation Server Version 16.122.27409.2

Issue Description

When creating a new WebApi() I am only able to log in with a Personal Access Token handler. When I try using the username/password handlers it fails with Error: Invalid Resource

Expected behaviour

I would expect a correct username/password combination to work in the same way a PAT would work.

Actual behaviour

No connection occurs, and the error message Error: Invalid Resource is produced

Code Examples

//This works
const token = getPersonalAccessTokenHandler('xxxxxx');

//All of these attempts fail
//const token = getBasicHandler('myusername', 'mypassword');
//const token = getNtlmHandler('myusername', 'mypassword');
//const token = getBasicHandler('DOMAIN\\myusername', 'mypassword');
//const token = getNtlmHandler('DOMAIN\\myusername', 'mypassword');
//const token = getBasicHandler('myusername@domain.com', 'mypassword');
//const token = getNtlmHandler('myusername@domain.com', 'mypassword');

this.webApi = new WebApi(this.opts.tfsCollectionUrl, token);
this.webApi.getCoreApi()
  .then((coreAPi: ICoreApi) => this.coreApi = coreAPi)
  .catch((err: string) => console.error('Unable to create the CoreAPI!', err));

I have tried all the above methods to generate a username/password token with my own personal TFS account, and a newly created "bot" account that I plan to use for an automated tool I'm building. Neither work.

Actual logged error in the console

Unable to create the CoreAPI! Error: Invalid Resource
    at RestClient.<anonymous> (C:\my-project\node_modules\typed-rest-client\RestClient.js:162:28)
    at Generator.next (<anonymous>)
    at fulfilled (C:\my-project\node_modules\typed-rest-client\RestClient.js:6:58)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:188:7)

[stephenmichaelf]

Thanks @ChrisMBarr I will take a look.

[stephenmichaelf]

I think the recommendation is to not using Basic auth (at the very least it requires an IIS configuration change and invalidates using PAT). If this is the case(I will confirm) we should probably remove this authentication handler from the repo.

I am going to check on NTLM as that should work.

Is there a specific use case for you to be able to use Basic auth where PAT doesn't work?

Looping in @bryanmacfarlane

[bryanmacfarlane]

I think we can leave it but doc the implications. Also, I don't think PAT was available until TFS2017

[ChrisMBarr]

I am fine using the tokens, however they expire at a max of once a year and I'm just trying to avoid having to go in and "fix" this with a new token every year.

Off topic here... but is it possible to generate a PAT that does not expire?

[namankanakiya]

Any update on this? The NTLM still seems to be broken. Seems like the data is not being passed through correctly:

{ Error: TF400813: The user '' is not authorized to access this resource.

[damccorm]

@ChrisMBarr, unfortunately I think the longest expiration period we allow is 1 year as far as I know.

[damccorm]

Concerning NTLM, I'm taking a look and tracking it in #172. I'm going to close since it looks like the basic auth question has been resolved and we're tracking NTLM elsewhere.