Microsoft Azure DevOps – REST APIs – Part 3 – Personal Access Tokens (PATs) – “Revoke”, “Edit” and “Regenerate” operations

Azure DevOps - Personal access token home page - selecting given PAT - Appearing options in top command bar - Revoke, Edit and Regenerate

Hi All,

LIFE IS BEAUTIFUL 🙂 I hope we all are safe 🙂 STAY SAFE, STAY HEALTHY,  STAY HOME 🙂

Background: We have started discussing Azure DevOps. In last 9 articles of Azure DevOps we discussed

In this article we will move ahead and will discuss few more operations – “Revoke”, “Edit” and “Regenerate” on Personal Access Token (PAT), which we created in last article. We need PATs for authenticating Azure DevOps. In one of the upcoming article we need to discuss – calling REST APIs programmatically where we need Personal Access Token for authenticating DevOps.

Take away from this article: At the end of this article we will got to know about different operations – “Revoke“, “Regenerate” and “Edit” on PAT and their scenarios.

Details : There are few options available for the respective PAT as shown in below Fig

  • Navigate to Personal Access Token (PAT) home page from User settings >> Personal access tokens as shown in below Fig
Azure DevOps - navigating to Personal access token home page
Fig : Azure DevOps – navigating to Personal access token home page
Azure DevOps - Personal access token home page - selecting given PAT - Appearing options in top command bar - Revoke, Edit and Regenerate
Fig : Azure DevOps – Personal access token home page – selecting given PAT – Appearing options in top command bar – Revoke, Edit and Regenerate

Edit Personal access token :

  • Select Personal access token which we want to Edit
  • Click on “Edit” link from top command bar as shown in below Fig
  • We will have “Edit a personal access token” dialog as shown in below fig which is similar when we have dialog while creating new Personal Access Token as shown in below fig
  • From this dialog we can edit the respective metadata (Expiry date, Scopes …)
  • Here we have an option to extend the expiry date for selected PAT
Azure DevOps - Personal access token home page - editing selected PAT
Fig : Azure DevOps – Personal access token home page – editing selected PAT

Regenerate :

  • If some how we lost previous copied PAT or expired the existing PAT and forgot to edit respective PAT then we have “Regenerate” option there
  • There is “Regenerate” option in command bar appears after selecting the respective PAT from the listings as shown in below fig
Azure DevOps - Personal access token home page - Regenerate confirmation dialog
Fig : Azure DevOps – Personal access token home page – Regenerate confirmation dialog
  • Once we have clicked on “Regenerate” command and it success then we have “Success!” pane as shown in below fig
  • Please read carefully the warning – We need to copy the PAT and save it properly. DevOps doesnt stores it and once “Success!” pane is closed we wont have opportunity to recover it. We need to again “Regenerate” it.
Azure DevOps - Personal access token home page - Regenerate success pane - make sure we are copying the PAT since we closed the dialog once we don't have an option to recover the PAT
Fig : Azure DevOps – Personal access token home page – Regenerate success pane – make sure we are copying the PAT since we closed the dialog once we don’t have an option to recover the PAT
  • On successful regeneration of PAT we have get email notification as shown in below fig
Azure DevOps - Personal access token home page - Regenerate success notification - Email received
Fig : Azure DevOps – Personal access token home page – Regenerate success notification – Email received

Revoke :

  • If we are done with the respective PAT or if it is compromised (in this case need to take immediate action) then we have an option to “Revoke” it
  • We will have an “Revoke” option available from the command bar
  • On clicking of “Revoke” link we will have “Confirmation” dialog for “Revoke” as shown in below fig
Azure DevOps - Personal access token home page - Revoke confirmation dialog
Fig : Azure DevOps – Personal access token home page – Revoke confirmation dialog
  • Once we have “Revoke” operation done successfully, the respective PAT will be removed from the PAT listing as shown in below fig
Azure DevOps - Personal access token home page - After Revoke operation success , no more the respective PAT
Fig : Azure DevOps – Personal access token home page – After Revoke operation success , no more the respective PAT

Best Practices : Generate PAT for smaller duration. If it expires then regenerate. User who created the PAT receives notification one week before expiration then respective user can take necessary action like extending expiry, regenerating new token or editing the scopes for given expiration and so on

Note : Once user left the company and if he removed from Azure AD, then PATs token invalidate within an hour, since refresh token is valid only for an hour

References:

Next Article:

We have very good series going on Azure DevOps. Please have a look once – https://knowledge-junction.com/?s=Azure+DevOps

Thanks for reading 🙂 Feel free to discuss / comment / questions 🙂 SHARING IS CARING 🙂

Share In Teams:

Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂

One thought on “Microsoft Azure DevOps – REST APIs – Part 3 – Personal Access Tokens (PATs) – “Revoke”, “Edit” and “Regenerate” operations

This site uses Akismet to reduce spam. Learn how your comment data is processed.