When creating a new personal access token on Azure DevOps, one can select its Organization to be All accessible organizations. How can I programmatically determine if a PAT token (a string) is valid for all accessible organizations, or only for one?
Most relevant Azure DevOps documentation I could find: Authenticate access with personal access tokens for Azure DevOps Services and TFS.
Source which might be relevant: Git-Credential-Manager-for-Windows/Microsoft.Alm.Authentication/Src/Token.cs
You can send a request to
GET https://app.vssps.visualstudio.com/_apis/profile/profiles/me?api-version=6.0
Only 'all accessible organization' PATs will get a valid response
You can then take the id of that response and call this to get more info on which organizations the PAT is an owner of / member of
GET https://app.vssps.visualstudio.com/_apis/accounts?[ownerId|memberId]={idFromFirstReq}&api-version=6.0