14

I'm using the VSO REST API to get all members in a team, from there I'm getting the ImageUrl of the member.

If I just bind an Image control to ImageUrl it's blank because VSO requires that I be signed in to get a profile picture... so I created a HttpClient and set my Authorization to OAuth and gave it my access token.

This just returns a 403 : Forbidden response... But if I use basic authentication, then everything works fine?

Is basic authentication the only method to get profile images from VSO via the REST API?

Community
  • 1
  • 1
BeginnerCoder
  • 383
  • 1
  • 3
  • 15
  • I've never worked with this API, but the [docs](https://www.visualstudio.com/en-us/integrate/get-started/auth/overview) seem to imply that you can do either. "Enable alternate credentials" under your Profile appears to enable basic auth, but I'm not sure if that disables oAuth. Doubt it but might be worth looking at. Do you have oAuth working for other actions? – Todd Menier Apr 11 '15 at 12:49
  • Yup. oAuth works for other actions very well. I can't have an application that prompts the users twice for their credentials. :( That's insane – BeginnerCoder Apr 11 '15 at 13:28
  • In case other people are using this API... retrieving images from a work item description does not work either – BeginnerCoder Apr 22 '15 at 04:03

1 Answers1

8

Both Basic Auth and OAuth 2.0 are supported by the REST API.

Click through to details on using OAuth 2.0 with the API

UPDATE: Missed an important part of the question. Sorry. :-(

To get a user's image the endpoint is 

https://*.visualstudio.com/DefaultCollection/_api/_common/identityImage?id=<Guid>

Unfortunately _api/_common/identityImage is not an allowed route for an app that authenticates with an OAuth access token at the moment, so this is an expected behavior. The team is aware of it, though I don't know where it is in their list of priorities.

Add a suggestion at http://visualstudio.uservoice.com for this so that it makes the request more visible for them.

Richard Banks
  • 12,456
  • 3
  • 46
  • 62
  • Yes, I know it works with oAuth but when I try to use oAuth to get the display picture, it fails. – BeginnerCoder Apr 13 '15 at 13:09
  • Thanks for the clarification! Do you think that it would be advisable to capture the user credentials again? Because I'm already making the user enter their credentials for oAuth access.. and now to do it twice? Would that be good? – BeginnerCoder Apr 14 '15 at 12:19
  • Probably not the best user experience :-) I think you have two choices. One; don't show people's images. Then you won't need to make the non-OAuth call. Or two; drop OAuth and use basic auth for all the API calls. Since you (probably) don't want to store username/passwords for people it would require them re-entering their details each time your app was used. Not knowing the importance of the profile pictures, I'd go for option 1 for now. – Richard Banks Apr 16 '15 at 00:01
  • That's kinda bleak :( Thanks though... already moved ahead with this.. hope they do release something soon – BeginnerCoder Apr 16 '15 at 12:06