1

I'm developing an extension that runs within a work item. Is there a way I can acquire an AAD token for the current logged in user, which can be used to authenticate to an AAD protected backend service like Azure App Service/Key Vault etc?

Saleel Ali
  • 73
  • 1
  • 6
  • Instead of azure-devops-extension-api, consider using [azure-activedirectory-library-for-js](https://github.com/AzureAD/azure-activedirectory-library-for-js). See similar issue [here](https://stackoverflow.com/questions/40976308/getting-azure-active-directory-token-javascript). – LoLance Aug 12 '20 at 05:05

1 Answers1

0

I'm afraid you can't do that directly. Azure Devops Service and Azure are not the same things.

We can use VSS SDK and azure-devops-extension-api to get Azure-devops related info(AccessToken for Azure Devops Service,Org info, Project info, User info), but we can't get AAD token using these related api cause these apis are for Azure Devops Service.

LoLance
  • 25,666
  • 1
  • 39
  • 73
  • I see a method called as aquireAccessToken in the Service EndpointRestClient class. Can this be used for my use case? I don't want to use azure-active-directory-library-for-js because that will prompt the user again for login. As per my understanding, Azure DevOps has already authenticated the user and an AAD token is available. Is there a way we can use on-behalf-of flow to exchange this token for to call a downstream API? – Saleel Ali Aug 12 '20 at 06:19
  • I found the source of this method [here](https://github.com/microsoft/azure-devops-extension-api/blob/611af5ed15f7fea43b8acc2de1f250fcb264d422/src/ServiceEndpoint/ServiceEndpointClient.ts#L548), but it doesn't talk much about what the token here means... The method name looks like what you're looking for, but i'm not sure whether it can access azure app service... – LoLance Aug 12 '20 at 10:10
  • Is there a way some documentation can be added for the method? – Saleel Ali Aug 12 '20 at 11:50
  • Trying submiting feedback for the document itself, you can choose helpful/not helpful in the top-right of the page. And you can submit feedback for that page, I think the author would see it. Hope it helps :) – LoLance Aug 17 '20 at 08:45