Microsoft Azure DevOps – REST APIs – Part 3 – Personal Access Tokens (PATs) – “Revoke”, “Edit” and “Regenerate” operations
LIFE IS BEAUTIFUL 🙂 I hope we all are safe 🙂 STAY SAFE, STAY HEALTHY, STAY HOME 🙂
Background: We have started discussing Azure DevOps. In last 9 articles of Azure DevOps we discussed
- Introductory part of Azure DevOps – Introduction of Azure DevOps
- Organizations in Azure DevOps – What are Azure DevOps Organizations, how to create Organizations, permissions etc.
- Microsoft Azure DevOps – Deleting and Recovering Organization
- Microsoft Azure DevOps – Projects – What are Azure DevOps Projects, how to create Projects, permissions etc.
- Microsoft Azure DevOps – Types of Projects – Public project, Private project
- Microsoft Azure DevOps – Project settings
- Microsoft Azure DevOps – Deleting and Recovering Projects
- Azure DevOps – REST APIs – Part 1 – for Projects
- Azure DevOps – REST APIs – Part 2 – Creating Personal Access Tokens (PATs)
In this article we will move ahead and will discuss few more operations – “Revoke”, “Edit” and “Regenerate” on Personal Access Token (PAT), which we created in last article. We need PATs for authenticating Azure DevOps. In one of the upcoming article we need to discuss – calling REST APIs programmatically where we need Personal Access Token for authenticating DevOps.
Take away from this article: At the end of this article we will got to know about different operations – “Revoke“, “Regenerate” and “Edit” on PAT and their scenarios.
Details : There are few options available for the respective PAT as shown in below Fig
- Navigate to Personal Access Token (PAT) home page from User settings >> Personal access tokens as shown in below Fig
- We will be redirected to Personal home page =>https://dev.azure.com/<organization name>/_usersSettings/tokens – here, https://dev.azure.com/prashamsabadra/_usersSettings/tokens as shown in below Fig
- On Personal Access Tokens home page, if we will select any PAT we will have options – Revoke, Edit and Regenerate options available in command bar as shown in below Fig
Edit Personal access token :
- Select Personal access token which we want to Edit
- Click on “Edit” link from top command bar as shown in below Fig
- We will have “Edit a personal access token” dialog as shown in below fig which is similar when we have dialog while creating new Personal Access Token as shown in below fig
- From this dialog we can edit the respective metadata (Expiry date, Scopes …)
- Here we have an option to extend the expiry date for selected PAT
- If some how we lost previous copied PAT or expired the existing PAT and forgot to edit respective PAT then we have “Regenerate” option there
- There is “Regenerate” option in command bar appears after selecting the respective PAT from the listings as shown in below fig
- Once we have clicked on “Regenerate” command and it success then we have “Success!” pane as shown in below fig
- Please read carefully the warning – We need to copy the PAT and save it properly. DevOps doesnt stores it and once “Success!” pane is closed we wont have opportunity to recover it. We need to again “Regenerate” it.
- On successful regeneration of PAT we have get email notification as shown in below fig
- If we are done with the respective PAT or if it is compromised (in this case need to take immediate action) then we have an option to “Revoke” it
- We will have an “Revoke” option available from the command bar
- On clicking of “Revoke” link we will have “Confirmation” dialog for “Revoke” as shown in below fig
- Once we have “Revoke” operation done successfully, the respective PAT will be removed from the PAT listing as shown in below fig
Best Practices : Generate PAT for smaller duration. If it expires then regenerate. User who created the PAT receives notification one week before expiration then respective user can take necessary action like extending expiry, regenerating new token or editing the scopes for given expiration and so on
Note : Once user left the company and if he removed from Azure AD, then PATs token invalidate within an hour, since refresh token is valid only for an hour
- Revoke personal access tokens for organization users
- Power Shell script for revoking the tokens
- Use personal access tokens
We have very good series going on Azure DevOps. Please have a look once – https://knowledge-junction.com/?s=Azure+DevOps
Thanks for reading 🙂 Feel free to discuss / comment / questions 🙂 SHARING IS CARING 🙂Share In Teams:
Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂