Azure DevOps OAuth2. TF400813: The user is not authorized to access this resource
I have implemented an OAuth2 app for Azure DevOps. My website takes user (User A) to authorize the app using the below URL. Step1
https://app.vssps.visualstudio.com/oauth2/authorize?scope=vso.code_full (skipped the other parameters)
The above URL works fine and returns with a code+userInfo after user authorization. Now I get an access token passing the code returned from the app using the below API call.
https://app.vssps.visualstudio.com/oauth2/token
I can further fetch all the organizations associated with user's (User A ) account using the below API call
Step2
https://app.vssps.visualstudio.com/_apis/accounts?api-version=6.0-preview&memberId=xyz
Now I want to fetch the repositories inside a particular organization. For that I make the below API call.
Step3
https://dev.azure.com/**organization_name**/_apis/git/repositories?api-version=5.0
The above URL works fine and returns to the repositories inside the specified organization.
Everything fine so far.
Now another user (user B) is trying to connect with my app and he can authorize the app and my application can fetch the organizations under that authenticated user's account. e.g. everything fine until step2. But it fails on step3 e.g. it fails to fetch the repositories inside user's (user B) organization. The API call in step3 returns with following error
TF400813: The user is not authorized to access this resource.
kindly help.
To further clarify, I suspect that issue is with Authenticated user (user B ) , as the whole process works fine for one authenticated user (user A ) but fails for the other user (user B). So there must be something different with second authenticated user. But I am not sure what is it as I am not an Azure guy.
Also Note that when I am logged in with User A or User B , I can view my organizations/projects/repos , also I can add/delete organizations/projects/repos. (I am the organization Owner)
Then If I am able to view my organizations/repos with a logged in user , and the same user is authenticating the OAuth app then why the Access token produced by the user is not authorized to access the repos in the User B's account ?
I have found the missing part here.
It is that I have to go to the organization's settings like at the below URL
https://dev.azure.com/my_organization_name/_settings/organizationPolicy
and check the first check box under Application connection policies which is Third party application acces via OAuth
by checking in this option , I am able to fetch the repos under User B's account as well.
It's a shame that Microsoft has no documentation for this. Another reason to hate Microsoft products.
- I want to publish a zip file and then download it directly from Azure Artifact feed. Which task will help me do that?
- Schedule Azure DevpOs pipeline with two different parameters according to the cron syntax
- Azure Mac hosted agent: installing gem install, downloading old version gems
- NU1100: Unable to resolve Azure DevOps nuget package
- How to import a zscaler certificate into Git
- How to Enable Docker layer caching in Azure DevOps
- Whats the difference between a build pipeline and a release pipeline in Azure DevOps?
- The term 'script:' is not recognized as the name of a cmdlet, function, script file, or operable program
- Unable to complete a partial restore of our Azure DevOps database
- Azure Devops Jekyll site build fails, worked previously
- Why I am receiving the error: Error: Template file pattern matches a directory instead of a file: /home/vsts/work/1/s in my yaml file pipeline file?
- Conditional dependent job in Azure Devops YAML pipelines
- Azure DevOps REST API: Match Manual Test Case steps to Test Run results?
- How to configure Azure pipeline approval check to deploy to Azure function apps?
- Is there a way to get more than 1000 Packages and versions from Azure DEVOPs Feed RESTAPI for GET Packages?
- Pipeline Shows as Failed When Successful
- Yaml manual approval step in jobs.template
- Environment variables as parameter of type object in Azure DevOps pipelines
- Skip Azure Pipeline jobs (or the whole pipeline) if change is from a merge from a specific branch
- Visual Studio 2022 can't connect to a project due to bad filters
- Azure Data Factory CI npm validate step suddenly crashing
- Error using Azure DevOps REST API and classificationnodes
- Remove TFS Connection From Visual Studio 2019
- Restricting branch creation based on Azure DevOps group permissions
- ADO - Granular Permission for Users on Team
- Dev env is skipping
- Must delete massive inadvertent checkin from remote git repo
- Job Conditions in Azure Pipelines
- Access Denied using Azure App Configuration Task in DevOps Pipeline
- Passing output variable to a template in the same job in Azure devops