aggregator-cli icon indicating copy to clipboard operation
aggregator-cli copied to clipboard
verified publisher icon tfsaggregator

Support for non-expiring Azure DevOps credentials

Open giuliov opened this issue 7 years ago • 5 comments

Current version has only support for PAT, which can last, at most, a year.

giuliov avatar Nov 02 '18 12:11 giuliov

Its seems the issue here is secure storage am I correct?

pswetz avatar Nov 06 '18 14:11 pswetz

Yes (currently PAT is saved in the Function configuration), and more: ideally the Function instance should be perpetually connected, removing the hassle of manually refreshing expiring tokens.

giuliov avatar Nov 06 '18 14:11 giuliov

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Aug 26 '19 09:08 stale[bot]

@giuliov please correct me if I am going into wrong direction: Is this about these 2 topics?

  1. storage location of secrets (PAT)
  • use Azure Key Vault for storage in Azure Function Context
  • use windows vault for local execution
  1. support additional login possibilities
  • support running with dedicated provided username:password?
  • support OAuth2

BobSilent avatar Sep 14 '19 22:09 BobSilent

@BobSilent it is more 2b in order to avoid managing PAT I explored the topic a while ago, but I was only able to find solutions for:

  • the client scenario, like a WPF App or a Web site, implying user interaction;
  • AAD authentication using Graph API, which may apply or not (not very familiar with this, but I guess we should test with a DevOps Organization backed by MSA accounts and one using AAD)

The ideal solution would be similar to registering a build agent: you authenticate once then some kind of token is exchanged and the agent is trusted.

PS you can use Slack for chatting and discussion.

giuliov avatar Sep 16 '19 10:09 giuliov