Is it possible to create a token for read-only access to a single repository within VisualStudio.com Team Services?
I see I can use a Personal Access Token to limit access to a Team Services Server, but it appears to be for the entire server rather than a single repository.
Surely, there must be a way to do this.
There isn’t the Token for a Single Repository level, but Personal Access Token permission is based on the user who created.
So, you can refer to these steps below to generate a personal access token for your requirement:
Add an additional user to your VSTS instance
Logon your VSTS with that account and create a Personal Access Token.
Logon your VSTS with your own account and remove some permissions for that account (e.g. just grant necessary permission for a repository)
After that, this Personal Access Token can just access a Single Repository
Related
According to this post, I should be able to generate a personal access token under my profile that has access to an organization's private repo, and use this personal access token for authentication to access an organization's private repo via Github-api.
However, when using this token, I get a 401 Unauthorized response / "Bad credentials". Is there extra permissions needed for my profile in order to use the Github API on that organization's private repo? Is there scopes I should have checked off when making my personal access token in order for it to work? My profile has the permission to read and contribute to the org repo, so I am confused why my profile's access token is met with a 401.
I ultimately want to run GET {{root}}/repos/{{owner}}/{{repo}}/contents/, where the owner is the organization name. Oddly, when using my personal access token on my own forked copies of the organization's repo, I also get a 401 Unauthorized.
EDIT: I checked off all possible scopes to attach to a token. Even with this token, I still get a 401 "Bad Credentials". There must then be a different set of permissions between being a contributor to a repo versus using the github-api to query the repo. Correct?
I used https://analytics.dev.azure.com/{orgname}/{ProjectName}/_odata/v2.0/WorkItemSnapshot REST API to fetch the active bug counts for past 60 days for the project in Azure devops. On using the custom scoped PAT to invoke the above API it threw unauthorized exception. Could you please tell me what permissions do I need to grant for PAT to access the workItemssnapshot API.
To use OData API to query work items in a project, you should have the following permissions at least:
On organization, your access level should be Basic.
In project, you should be a member of the project, and at least have Readers permissions. Make sure the permission View analytics is Allow for you.
For your personal access token (PAT), it should have the scopes Analytics(Read) and Work Items(Read).
I built a project that uses PAT (Personal Access Token) generated by a user to connect to Azure DevOps REST API and get some data about a project and its commits, etc..
It happened to me twice now that the request returns with:
Access Denied: The Personal Access Token used has expired
Even though the token is not expired yet, it's been created two days ago.
Is there any limitation on using this RestAPI which if I exceeded it'll expire my token automatically?
First, you need to check with the user if the PAT has expired, because Expiration can be customized.
If the PAT confirms that it has not expired, you can try to re-create a new PAT, select All accessible organizations and Full access scope , revoke the previous PAT, and see if the new PAT is available.
In this case with the similar issue, a contributor provided a solution : the user was able to fix it by signing out and back in. This seemed to refresh the auth token and unblocked them. You can also try it .
"I want to create a service connection using AzureDevOps with which we get access to only one particular repository. But when I Create service connection it will give access to all repositories present in one account"
I already tried creating a personal access token using Github. But GitHub doesn't allow to create public access token with limited repository access.
How can I generate a personal access token with limited repository access ??
When you create a new GitHub service connection, you can choose Personal Access Token like below.
Then visit https://github.com/settings/tokens to create personal access tokens and you can choose your expected scope.
In this time, I choose the public_repo scope, create the token, copy the token to Azure DevOps and create the new GitHub connection.
As you can see, there are five repositories in my GitHub, one is private and four are public.
Then in the build pipeline source, I just get the four public repositories and don’t get the private repository.
When I try to authorize Azure Devops to get access to my GitHub repositories it wants full access to everything, including:
This application will be able to read and write all public and private repository data. This includes the following:
Code
Issues
Pull requests
Wikis
Settings
Webhooks and services
Deploy keys
Collaboration invites
But that is to broad access to my taste, how can I just give it access to specific repositories without giving it access to everything?
Create a specific user that has the exact permissions you would grant, create an Access Token for that user to strip some of the requested permissions, don't use the OAuth flow.