For a headless text output client application, it is not possible authenticate through an interactive prompt. Instead a text only approach is necessary. This flow leverages a user's external device (i.e. phone) to authenticate through an interactive login prompt and pass the auth token to the headless application. For more information click here.
This buildable sample will walk you through the steps to create a client-side console application which uses ADAL to authenticate a user via the Device Profile flow and returns a JSON string containing all account team project data viewable by the authenticated user.
To run this sample for an Azure Active Directory backed Azure DevOps account you will need:
- Visual Studio IDE
- An Azure Active Directory (AAD) tenant. If you do not have one, follow these steps to set up an AAD
- A user account in your AAD tenant
- A Azure DevOps account backed by your AAD tenant where your user account has access. If you have an existing Azure DevOps account not connected to your AAD tenant follow these steps to connect your AAD tenant to your Azure DevOps account
To run this sample for a Microsoft Account backed Azure DevOps account you will need:
- Visual Studio IDE
- A Azure DevOps account not connected to AAD
From a shell or command line:
git clone https://github.com/Microsoft/vsts-auth-samples.git
Step 2: Register the sample application with you Azure Active Directory tenant (AAD backed Azure DevOps account)
If you are a Microsoft Account backed Azure DevOps account please skip this step.
- Sign in to the Azure Portal.
- On the top bar, click on your account and under the Directory list, choose the Active Directory tenant where you wish to register your application.
- On the left hand navigation menu, select
Azure Active Directory
. - Click on
App registrations
and selectNew application registration
from the top bar. - Enter a
name
for you application, ex. "Adal native app sample", chooseNative
forapplication type
, and enterhttp://adalsample
for theRedirect URI
. Finally clickcreate
at the bottom of the screen. - Save the
Application ID
from your new application registration. You will need it later in this sample. - Grant permissions for Azure DevOps. Click
Required permissions
->add
->1 Select an API
-> type in and selectAzure DevOps
-> check the box forDelegated Permissions
-> clickSelect
-> clickDone
-> clickGrant Permissions
-> clickYes
.
Package: Microsoft.Identity.Model.Clients.ActiveDirectory
has already been installed and configured in the sample, but if you are adding to your own project you will need to install and configure it yourself.
- Navigate to the sample in cloned repo
vsts-auth-samples/DeviceProfileSample/
- Open the solution file
DeviceProfileSample.sln
in Visual Studio 2017 - Use Nuget package restore to ensure you have all dependencies installed
- Open CS file
Program.cs
and there is a section with input values to change at the top of the class:azureDevOpsOrganizationUrl
- Update this value to your VSTS collection URL, e.g. http://dev.azure.com/organization.clientId
- Update this value with theApplication ID
you saved in step 2.6.
- Build and run solution. You should see a console window with instructions on how to authenticate via the Device Profile flow. After authenticating you should see all team project information viewable by the authenticated identity displayed in the console window.
- Navigate to the sample in cloned repo
vsts-auth-samples/DeviceProfileSample/
- Open the solution file
DeviceProfileSample.sln
in Visual Studio 2017 - Use Nuget package restore to ensure you have all dependencies installed
- Open CS file
Program.cs
and there is a section with input values to change at the top of the class:azureDevOpsOrganizationUrl
- Update this value to your VSTS collection URL, e.g. http://dev.azure.com/organization.
- Build and run solution. You should see a console window with instructions on how to authenticate via the Device Profile flow. After authenticating you should see all team project information viewable by the authenticated identity displayed in the console window.