I have created an application in Azure Portal that gives me an access token to the REST API of DevOps: https://vssps.dev.azure.com/$organization/_apis/tokens/pats?api-version=7.1-preview.1
I am able to successfully use the token to gain access to my PATs and return their information. I would like to run a PowerShell script to update the expiration date of each PAT in DevOps. I am unable to find the correct permission in Azure Portal to allow me to do that.
The only permissions that pop up for tokens are: vso.tokenadministration and vso.tokens. Neither of these allows me to write the new expiration date to the DevOps API, and I believe I need a different permission to do so. I cannot find "vso.token_manage" in the available permissions either. Any suggestions?
Thank you
I am getting an access error that would suggest my permissions are not in the scope of writing back to DevOps. I am using JSON for the format.
Here is a sample PowerShell script for your reference, which runs Azure CLI commands to get the user’s AAD token for authentication to update the expiration date of a PAT.
```powershell
$TenantId = "xxxxxx"
$organization = "xxxxxx"

# Sign in interactively with the Azure CLI as the user.
az login --tenant $TenantId --allow-no-subscriptions

# Resource ID of Azure DevOps; the AAD access token is requested for this resource.
$azureDevopsResourceId = "499b84ac-1321-427f-aa17-267ca6975798"
$token = az account get-access-token --resource $azureDevopsResourceId --query "accessToken" --output tsv

$headers = @{
    'Authorization' = 'Bearer ' + "$token"
    'Content-Type'  = 'application/json'
}

$updateURL = "https://vssps.dev.azure.com/$organization/_apis/tokens/pats?api-version=7.1-preview.1"

# authorizationId selects the PAT to update; validTo is the new expiration date.
$updatebody = @"
{
    "displayName": "testPAT",
    "scope": "app_token",
    "validTo": "2024-09-15T00:00:00Z",
    "authorizationId": "xxxxxx",
    "allOrgs": false
}
"@

# PUT the update and print the returned PAT details as JSON.
$updatedPAT = Invoke-RestMethod -Method Put -Uri $updateURL -Headers $headers -Body $updatebody | ConvertTo-Json
$updatedPAT
```
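To cover each PAT rather than a single one, the update bodies can be built from the list response of the same endpoint. This is an added example, not part of the original answer: the function name `Get-PatRenewalPlan`, its thresholds and the sample tokens are assumptions, and it assumes the list call returns a `patTokens` array carrying the fields used in the answer's request body.

```powershell
# Added example (not from the answer). Names, thresholds and sample data are assumptions.
function Get-PatRenewalPlan {
    param(
        [Parameter(Mandatory)] [object[]] $PatTokens,  # entries of the list response's patTokens array
        [int] $RenewWithinDays = 14,                   # only touch PATs that are about to expire
        [int] $ExtendDays = 30,                        # keep renewed lifetimes short
        [datetime] $Now = [datetime]::UtcNow
    )
    foreach ($pat in $PatTokens) {
        # Accepts both ISO strings and already-parsed DateTime values.
        $validTo = ([datetimeoffset]$pat.validTo).UtcDateTime
        # Skip PATs that are already expired or not yet inside the renewal window.
        if ($validTo -le $Now -or $validTo -gt $Now.AddDays($RenewWithinDays)) { continue }
        [pscustomobject]@{
            displayName     = $pat.displayName
            scope           = $pat.scope               # unchanged: renewal does not widen the scope
            validTo         = $Now.AddDays($ExtendDays).ToString("s") + "Z"
            authorizationId = $pat.authorizationId
            allOrgs         = $false                   # as in the answer's body; adjust for all-organization PATs
        }
    }
}

# Constructed sample shaped like the list response; all values are placeholders.
$sample = @'
{ "patTokens": [
  { "displayName": "build-agent", "scope": "vso.build", "validTo": "2024-09-10T00:00:00Z",
    "authorizationId": "00000000-0000-0000-0000-000000000001" },
  { "displayName": "long-lived", "scope": "vso.code", "validTo": "2025-06-01T00:00:00Z",
    "authorizationId": "00000000-0000-0000-0000-000000000002" }
] }
'@ | ConvertFrom-Json

# Fixed clock so the sample is reproducible; omit -Now to use the current UTC time.
$plan = @(Get-PatRenewalPlan -PatTokens $sample.patTokens -Now ([datetime]'2024-09-01T00:00:00Z').ToUniversalTime())
$plan | Format-Table displayName, authorizationId, validTo   # review the plan before sending anything

# Sends the updates only when the answer's $updateURL and $headers exist in the session.
if ($updateURL -and $headers) {
    foreach ($body in $plan) {
        Invoke-RestMethod -Method Put -Uri $updateURL -Headers $headers -Body ($body | ConvertTo-Json)
    }
}
```

Against real data, replace `$sample` with the result of `Invoke-RestMethod -Method Get -Uri $updateURL -Headers $headers`. Renewing only near-expiry tokens for a bounded period keeps the time a leaked PAT stays usable short.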