需要获取组织中所有令牌的列表。
使用令牌呼叫https://vssps.dev.azure.com/{organization}/_apis/tokens/pats?api-version=6.1-preview.1
我在DevOps中的权限设置为Collection Administrator。
收到的响应是:
{" $id ": " 1 ", " innerException ":null, " message ": "请求的操作是不允许的"," typeName ": " Microsoft.TeamFoundation.Framework.Server. error . "InvalidAccessException, Microsoft.TeamFoundation.Framework.Server"、"typeKey":"InvalidAccessException"、"errorCode eventId":0:3000}
是否缺乏权限,或者我是否需要设置其他东西来获取组织中的令牌列表?
您没有提到如何获得令牌,以及身份验证流程的标准,但我将分享我的冒险经历,与您的经历相似。
我得到了你的确切错误,而遵循这个指南:https://learn.microsoft.com/en-gb/azure/devops/organizations/accounts/manage-personal-access-tokens-via-api?view=azure-devops
我从python代码中得到的token不能工作。
然后我发现这段代码:https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/app-aad-token#--username-password-flow-programmatic
在使用上述链接中的相同应用程序注册时,我将功能失调代码中的scope和tenantID复制到新代码和中。然后去你的应用注册->身份验证——比;允许公共客户端流为yes,见截图。我在提供凭据后运行脚本,现在令牌工作了。
转储代码以供将来参考:
# Given the client ID and tenant ID for an app registered in Azure,
# along with an Azure username and password,
# provide an Azure AD access token and a refresh token.
# If the caller is not already signed in to Azure, the caller's
# web browser will prompt the caller to sign in first.
# pip install msal
from msal import PublicClientApplication
import sys
# You can hard-code the registered app's client ID and tenant ID here,
# along with the Azure username and password,
# or you can provide them as command-line arguments to this script.
client_id = '<client-id>'
tenant_id = '<tenant-id>'
username = '<username>'
password = '<password>'
# Do not modify this variable. It represents the programmatic ID for
# Azure Databricks along with the default scope of '/.default'.
scope = [ '2ff814a6-3304-4ab8-85cb-cd0e6f879c1d/.default' ]
# Check for too few or too many command-line arguments.
if (len(sys.argv) > 1) and (len(sys.argv) != 5):
print("Usage: get-tokens-for-user.py <client ID> <tenant ID> <username> <password>")
exit(1)
# If the registered app's client ID and tenant ID along with the
# Azure username and password are provided as command-line variables,
# set them here.
if len(sys.argv) > 1:
client_id = sys.argv[1]
tenant_id = sys.argv[2]
username = sys.argv[3]
password = sys.argv[4]
app = PublicClientApplication(
client_id = client_id,
authority = "https://login.microsoftonline.com/" + tenant_id
)
acquire_tokens_result = app.acquire_token_by_username_password(
username = username,
password = password,
scopes = scope
)
if 'error' in acquire_tokens_result:
print("Error: " + acquire_tokens_result['error'])
print("Description: " + acquire_tokens_result['error_description'])
else:
print("Access token:n")
print(acquire_tokens_result['access_token'])
print("nRefresh token:n")
print(acquire_tokens_result['refresh_token'])