Could not authenticate with Azure Devops Repos

Hi,
I’m creating a plugin for JIRA using Forge. Currently one of the functionalities requires authentication with Azure Devops using OAuth 2.0.
Here’s my manifest provider configuration:

providers:
  auth:
    - key: devops
      name: DevOps
      scopes:
        - 'vso.code'
        - 'vso.project'
        - 'vso.threads_full'
      type: oauth2
      clientId: ***
      remotes:
        - devops-apis
      bearerMethod: form-encoded
      actions:
        authorization:
          remote: devops-oauth
          path: oauth2/authorize
        exchange:
          remote: devops-oauth
          path: oauth2/token
          resolvers:
            accessToken: access_token
            accessTokenExpires: expires_in
            refreshToken: refresh_token
        retrieveProfile:
          remote: devops-oauth
          path: /_apis/profile/profiles/me?api-version=6.0
          resolvers:
            id: id
            displayName: emailAddress

remotes:
  - key: devops-oauth
    baseUrl: https://app.vssps.visualstudio.com
  - key: devops-apis
    baseUrl: https://dev.azure.com

permissions:
  content:
    styles:
      - unsafe-inline
  scopes:
    - storage:app
    - read:jira-work
  external:
    fetch:
      backend:
        - 'https://app.vssps.visualstudio.com'
        - 'https://dev.azure.com'

and code which runs authentication flow:

    const devops = api.asUser().withProvider('devops', 'devops-apis');
    if (!(await devops.hasCredentials())) {
        await devops.requestCredentials();
    }

Auth flow successfully acquires authorization code, however it fails during access token acquisition.
The error I get is:

could not retrieve access token from the provider

I’m looking for suggestion how to debug this error.

1 Like

Hi @rafonet, thank you for reaching out!

Here is our troubleshoot page: Common issues with external authentication and there is an action for such an error:

Action:

  1. Ensure the client secret has been set using the configure providers CLI command.
  2. Confirm the exchange URL is correct in the manifest.yml file.
  3. If it’s still not working, try again later. The provider might be having connection issues.

One additional thing, I can see that in your manifest, there is:

actions:
  authorization:
    remote: devops-oauth
    path: oauth2/authorize
  exchange:
    remote: devops-oauth
    path: oauth2/token

and later configured remote url is: https://app.vssps.visualstudio.com

Shouldn’t it be configured with the / at the beginning so after concatenation url will be valid (I’m not 100% if it matters but I would give it a try).

actions:
  authorization:
    remote: devops-oauth
    path: /oauth2/authorize
  exchange:
    remote: devops-oauth
    path: /oauth2/token

Please let me know if it helps, if not, we will try to investigate if further.

Additional links that you may find interesting:

Best regards,
Łukasz

1 Like

Hi,
thank you for your response Łukasz. I’ve tried your suggestion with adding / to paths but it does not solved my issue.

After some investigation I found out that Azure Devops REST Api requires specific payload in access token request:

I couldn’t find any option to modify access token request in forge documentation, but maybe there is any other option to overcome my problem?

Hi @rafonet,

I’ve reached out to the responsible team and unfortunately, currently we don’t support Azure DevOps. The issue in our public project is created and we will post updates there: [FRGE-760] - Ecosystem Jira

Best regards,
Łukasz

2 Likes