VSTS Dashboard Access with Personal Access Token - azure-devops

Is it possible to access a dashboard in VSTS using a personal access token? I would like to display the dashboard on a wall-mounted TV without having to log into VSTS every time.

A Personal Access Token cannot be used for logging in to the Web UI. PATs are used for accessing REST APIs or Git repositories from external tools.
As a workaround you could create a dummy Stakeholder account. Those are free and have permission to view the dashboard. You can then use that account on your TV.

Related

Webapp requesting access to a specific repo

I want to write an app that has read/write access to a user's specific repository (Gitlab and Github).
Ideally, the user simply gives a link to the repository, and by clicking a confirmation button (providing the user's logged in to Gitlab/Github), the webapp gets read/write access to that specific repo. (So just like an OAuth flow, but only for one repo).
Is this possible? If not, what would be the best (i.e. frictionless) way of having users grant an external app access to a their repo?
This use case is covered by OAuth applications.
When configured, GitLab users can provide authorization to your web app to take API actions on their behalf (with the authorized scope). Unfortunately, there is no in-built mechanism to limit this to a single project from GitLab. You can, however, have group owned applications.
Alternatively, you could implement per-repo access as a feature in your application, rather than in the GitLab authorization flow.
GitLab administrators can also mark registered applications as "trusted" and users won't be prompted to allow the authorization from GitLab to your app. This has the benefit of being more frictionless, but should only be used for apps you control or trust.

How to create user repository via GitHub App API?

A user installed my github app for his personal account (not organization). My github app has read & write administration permissions.
When I perform the request (I use go-github sdk) I get the following error:
POST https://api.github.com/user/repos: 403 Resource not accessible by integration []
There are two different endpoints for creating repositories in organization and for user. Endpoint for creating user repos is the POST method /user/repos. When I look github official documentation on github app permissions it doesn't actually list POST method for user/repos. So it's not clear how to create user repos via github app, if possible at all.
I got a response from github support. This behaviour is expected. To create new repos under a user you have to use user-to-server token (oauth2 token). It can be acquired during installation if you enable option "Request user authorization (OAuth) during installation" in your github app. This way user not only install your github app but also will authorize your github app.

What is the difference between a GitHub App and the REST API for GitHub?

What is the difference between a GitHub App and the REST API for GitHub? Why would you need a GitHub App if you can just use the REST API, without setting any environment up?
The REST API should just be a collection of endpoints that accept a POST along with access tokens. But the GitHub App requires cloning an entire repo written in Ruby, that has nothing to do with my app.
I am not looking for users to integrate with my repo, I want them to be able to connect their own repo to the application.
But the GitHub App requires cloning an entire repo written in Ruby, that has nothing to do with my app.
I don't believe this is true.
GitHub Apps make the process of integrating 3rd party tools into your GitHub repositories smoother.
GitHub Apps are installed by organizations and granted access to specific repositories via GitHub. For example, CodeClimate is a tool which performs checks on pull requests. Rather than granting them OAuth access to my repositories, I can install the CodeClimate GitHub App on my organization and configure which repositories they have access to. I can see all the apps installed and what their permissions are.
Note that "installing" a GitHub App does not install any code. "Installing" gives the app permissions for the service to access your organization and repos. A GitHub App is a wrapper around an existing service.
If you want users to connect their repos to your application, consider a GitHub App.
This is covered in About apps.
An OAuth App acts as a GitHub user, whereas a GitHub App uses its own identity when installed on an organization or on repositories within an organization.
GitHub Apps are the officially recommended way to integrate with GitHub because they offer much more granular permissions to access data, but GitHub supports both OAuth Apps and GitHub Apps.
GitHub Apps are first-class actors within GitHub. A GitHub App acts on its own behalf, taking actions via the API directly using its own identity, which means you don't need to maintain a bot or service account as a separate user.
GitHub Apps can be installed directly on organizations and user accounts and granted access to specific repositories. They come with built-in webhooks and narrow, specific permissions. When you set up your GitHub App, you can select the repositories you want it to access. For example, you can set up an app called MyGitHub that writes issues in the octocat repository and only the octocat repository. To install a GitHub App, you must be an organization owner or have admin permissions in a repository.
GitHub Apps are applications that need to be hosted somewhere. For step-by-step instructions that cover servers and hosting, see "Building Your First GitHub App."
Differences between GitHub Apps and OAuth Apps has a complete breakdown.

Is it possible to clone an Azure Devops repository using an OAuth token

I am trying to implement an integration between a web-based code editor and Azure Devops. I am trying to use OAuth to get user authorization and then to make a clone of a repository on behalf of the user.
For GitHub I can use the OAuth access token as a username to clone the repository. Is there a similar functionality for Azure Devops?
Is there a similar functionality for Azure Devops?
The answer is yes.
Azure DevOps Services uses the OAuth 2.0 protocol to authorize your app for a user and generate an access token. And we need make sure Authorised scopes include code (Read) when we generate the OAuth token:
Please refer this document and this blog for some more details.
Note:
Since OAuth 2.0 is not supported on Azure DevOps Server
(I saw you add Azure DevOps Server tag on your post). Client
Libraries are a series of packages built specifically for extending
Azure DevOps Server functionality. For on-premises users, we recommend
using Client Libraries, Windows Auth, or Personal Access Tokens
(PATs) to authenticate on behalf of a user.

Can Webhooks be used with a GitHub OAuth App?

So I've been reading GitHub developer docs and about webhooks they have the following statement:
Webhooks allow you to build or set up GitHub Apps which subscribe to certain events on GitHub.com. When one of those events is triggered, we'll send a HTTP POST payload to the webhook's configured URL. Webhooks can be used to update an external issue tracker, trigger CI builds, update a backup mirror, or even deploy to your production server. You're only limited by your imagination.
However, about Apps they've also got this statement:
Apps on GitHub extend and improve existing workflows. People can
purchase apps from GitHub Marketplace or browse useful tools and
services that integrate with GitHub in Works with GitHub.
If you're building or adding integrations, this documentation will
help get you up and running.
For support requests, bug reports, and discussions related to GitHub
Apps (not OAuth Apps), use the GitHub Platform Forum. The forum allows
you to collaborate with other integrators as well as engineers and
product managers from GitHub.
If your request is about OAuth Apps, or if you need to discuss a
private concern, please contact support directly.
This seems that Webhooks can only be used with GitHub Apps? The difference between GitHub Apps and GitHub OAuth Apps isn't very clear and I fail to see why an OAuth app would not be able to use Webhooks?
Edit
Can Webhooks be used with a GitHub OAuth App?
Yes.
Webhooks allow you to build or set up GitHub Apps which subscribe to certain events on GitHub.com.
This is an incorrect statement. This should be 'an integration with GitHub' rather than 'GitHub Apps'.
This seems that Webhooks can only be used with GitHub Apps?
No. GitHub Apps include implicit support for Webhooks. OAuth Applications request tokens with a scope for write:repo_hook or admin:org_hook to register a Webhook on the Repository or Organization.
There is a guide for creating webhooks that suggests to use the repo hooks or org hooks API endpoints.
The difference between GitHub Apps and GitHub OAuth Apps isn't very clear and I fail to see why an OAuth app would not be able to use Webhooks?
There is documentation that describes some differences between GitHub Apps and OAuth Apps.
TLDR advantages of GitHub Apps:
Granular Permissions
Option to use short-lived Tokens
GitHub Apps do not need to add a Webhook to a Repository or Organization
Avoids having Machine/Service Account users
Original
Webhooks allow your server/application to get notified whenever a specific event happens - regardless of whether you are using OAuth or GitHub App. Your application will then need to process an event and act accordingly.
Separately, your application will need to interact with GitHub's API to create, read, edit, or delete information. GitHub will usually require credentials to access or update specific information. Authentication to GitHub's API can use multiple methods:
None
Basic Authentication (username/password)
OAuth2 Token
Personal Access Token (PAT)
Installation Access Token
There are additional differences between legacy GitHub integrations and GitHub Apps.
Older integrations were based on Oauth2 and use a Token associated with a user's account. Integrations would interact with GitHub's API on behalf of a user - which is why some organizations would set up a machine user. Webhooks also need to be added explicitly.
GitHub Apps will interact with GitHub's API on it's own behalf. You must explicitly grant a GitHub App access to an Organization or Repository which enables both Webhook and API access.