Reference

Authentication User Credentials

Description

Delegated access using OAuth authorization code flow. Users sign in with their Azure AD account. [API reference]

Instructions

Follow these simple steps below to create Microsoft Entra ID application with delegated access:

WARNING: To automate your company's processes, make sure you use a system/generic account (e.g. automation@my-company.com). When you use a personal account which is tied to a specific employee profile and that employee leaves the company, the token may become invalid and any automated processes using that token will start to fail.
  1. Navigate to the Azure Portal and log in using your credentials.
  2. Access Microsoft Entra ID.
  3. Register a new application by going to App registrations and clicking on New registration button: Start new app registration in Microsoft Entra ID
    INFO: Find more information on how to register an application in Graph API reference.
  4. When configuration window opens, configure these fields:
    • Supported account type
      • Use Accounts in this organizational directory only, if you need access to data in your organization only.
    • Redirect URI:
      • Set the type to Public client/native (mobile & desktop).
      • Use https://zappysys.com/oauth as the URL.
    Register app in Microsoft Entra ID
  5. After registering the app, copy the Application (client) ID for later: Copy client ID of Microsoft Entra ID app
  6. Then copy OAuth authorization endpoint (v2) & OAuth token endpoint (v2) URLs to use later in the configuration: Copy Auth and Token URLs in Microsoft Entra ID app
  7. Now go to SSIS package or ODBC data source and use the copied values in User Credentials authentication configuration:
    • In the Authorization URL field paste the OAuth authorization endpoint (v2) URL value you copied in the previous step.
    • In the Token URL field paste the OAuth token endpoint (v2) URL value you copied in the previous step.
    • In the Client ID field paste the Application (client) ID value you copied in the previous step.
    • In the Scope field use the default value or select individual scopes, e.g.:
      • vso.project
      • vso.work_full
  8. Press Generate Token button to generate Access and Refresh Tokens.
  9. Optional step. Choose Default Drive Id from the drop down menu.
  10. Click Test Connection to confirm the connection is working.
  11. Done! Now you are ready to use the API Connector!

Parameters

Parameter Required Default value Options
Name: AuthUrl

Label: Authorization URL

 YES
Name Value
For Single Tenant https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/authorize
For Multi Tenant https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Name: TokenUrl

Label: Token URL

 YES
Name Value
For Single Tenant https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/token
For Multi Tenant https://login.microsoftonline.com/common/oauth2/v2.0/token
Name: ClientId

Label: Client ID

 YES
Name: Organization

Label: Organization name or Id (e.g. mycompany)

The organization name or Id obtained from Azure DevOps. 		YES
Name: ReturnUrl

Label: Return URL

The URL to send the authentication token back to. 		YES https://zappysys.com/oauth
Name Value
https://zappysys.com/oauth https://zappysys.com/oauth
Name: Scope

Label: Scopes (Must match with App Registration)

The scopes of access needed for the Azure DevOps API connection. **Offline_access** is required to receive a refresh token; without it the connection cannot renew and will effectively stop working when the access token expires. 		YES https://app.vssps.visualstudio.com/vso.project~https://app.vssps.visualstudio.com/vso.work_full~offline_access
Name Value
Delegated Access (All Permissions for User Account) https://app.vssps.visualstudio.com/user_impersonation
Project and team (read) https://app.vssps.visualstudio.com/vso.project
Project and team (read and write) https://app.vssps.visualstudio.com/vso.project_write
Project and team (read, write and manage) https://app.vssps.visualstudio.com/vso.project_manage
Work items (read) https://app.vssps.visualstudio.com/vso.work
Work items (read and write) https://app.vssps.visualstudio.com/vso.work_write
Work items (full) https://app.vssps.visualstudio.com/vso.work_full
Offline access offline_access
Name: ApiVersion

Label: API Version

The version of the Azure DevOps API to use. 		YES 7.0
Name Value
6.0 6.0
7.0 7.0
7.0-preview 7.0-preview
7.1-preview.2 7.1-preview.2
Name: ClientSecret

Label: Client Secret
Name: RefreshTokenFilePath

Label: Refresh Token File Path

If you cant fit long refresh token in ConnectionString from your program then use this. Supply three properties in json format (i.e. save this in file { "access_token": "YOUR_ACCESS_TOKEN", "refresh_token": "YOUR_REFRESH_TOKEN", "expires_in": 3600 } )
Name: Project

Label: Default Project Name (Choose after Generating Token)

The default project name to make API calls for.
Name: RetryMode

Label: RetryMode

 RetryWhenStatusCodeMatch
Name Value
None None
RetryAny RetryAny
RetryWhenStatusCodeMatch RetryWhenStatusCodeMatch
Name: RetryStatusCodeList

Label: RetryStatusCodeList

 429
Name: RetryCountMax

Label: RetryCountMax

 5
Name: RetryMultiplyWaitTime

Label: RetryMultiplyWaitTime

 True