Default to / prefer Entra ID Access Tokens over AzDO PAT #543
Labels
backlog
Azure Artifacts tag for items under consideration in our backlog
enhancement
New feature or request
keep
Don't close due to inactivity
Comments
embetten
added
enhancement
|
NUGET_CREDENTIALPROVIDER_VSTS_TOKENTYPE to SelfDescribing does not return entra tokens, it returns ADO JWT session tokens. While we work to return entra tokens directly, you can use this instead of PAT tokens. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
per https://devblogs.microsoft.com/devops/reducing-pat-usage-across-azure-devops/ AzDO PAT is falling out of favour and they are suggesting leveraging Entra ID access tokens. This would be preferred in my org as the entra id auth tech keeps getting more security features that our InfoSec and platform teams really appreciate.
FWIW i'd suspect it be best if this plugin then stored a refresh token similar to how it stores the PAT today....
fwiw it's unclear to me if setting NUGET_CREDENTIALPROVIDER_VSTS_TOKENTYPE to SelfDescribing uses entra id tokens...i'm pretty sure they do not given the 4 hour span note...and i vaguely remember AzDO offering it's own jwt based access token at one point. if i'm wrong and that's the switch then this request may be about changing that default in 2.x
The text was updated successfully, but these errors were encountered: