Configuring OAuth 2.0 for Microsoft Azure DevOps Services

To enable users to work with a remote Git repository that is hosted on Microsoft Azure Repos:

  1. Set up an application in Microsoft Entra ID.

  2. Apply the Microsoft Entra ID App Secret.

Setting up the Microsoft Entra ID OAuth App

Set up a Microsoft Entra ID OAuth App using OAuth 2.0.

Prerequisites

Additional resources

Applying the Microsoft Entra ID OAuth App Secret

Prepare and apply the Microsoft Entra ID Secret.

Prerequisites

  • Setting up the Microsoft Entra ID OAuth App is completed.

  • The following values, which were generated when setting up the Microsoft Entra ID OAuth App, are prepared:

    • Application (client) ID

    • Directory (tenant) ID

    • Client Secret

  • An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.

Procedure

  1. Prepare the Secret:

    kind: Secret
apiVersion: v1
metadata:
  name: azure-devops-oauth-config
  namespace: eclipse-che(1)
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: oauth-scm-configuration
  annotations:
    che.eclipse.org/oauth-scm-server: azure-devops
type: Opaque
stringData:
  tenant-id: <Microsoft_Entra_ID_Tenant_ID>(2)
  id: <Microsoft_Entra_ID_App_ID>(3)
  secret: <Microsoft_Entra_ID_Client_Secret>(4)
    1 The Che namespace. The default is eclipse-che.
    2 The Microsoft Entra ID Directory (tenant) ID.
    3 The Microsoft Entra ID Application (client) ID.
    4 The Microsoft Entra ID Client Secret.

  2. Apply the Secret:

    $ kubectl apply -f - <<EOF
<Secret_prepared_in_the_previous_step>
EOF

  3. Verify in the output that the Secret is created.

  4. Wait for the rollout of the Che server components to be completed.