问题
I've successfully got my ASP.NET (MVC5) application reading from and writing to our VSTS work items in C# on the server side.
However, for the best user experience I really want to make some updates using Ajax. I've been able to get this working perfectly using a Personal Access Token (PAT) created under my own account. For example, this works fine:
var vstsAuthHeader = { "Authorization": "Basic " + btoa("" + ":" + "abcd...123") }
function updateRoadmapGroup(featureId, newRoadmapGroup) {
var patchDocument = [{
"op": "replace",
"path": "/fields/CustomScrum.RoadmapGroupID",
"value": newRoadmapGroup
}];
var patchValue = JSON.stringify(patchDocument);
$.ajax({
method: "PATCH",
url: "https://myaccount.visualstudio.com/_apis/wit/workitems/" + featureId + "?api-version=" + apiVersion,
contentType: "application/json-patch+json",
beforeSend: function (xhr) {
xhr.setRequestHeader(vstsAuthHeader);
},
processData: false,
data: patchValue,
error: function (exception) {
console.log(exception);
},
success: function (data) {
}
});
};
Once that was working, I assumed that moving to using OAuth instead of my PAT would be easy. Something like changing the first line of the code listed above to:
var vstsAuthHeader = { "Authorization": "Bearer " + btoa("" + ":" + accessToken) }
This doesn't work - I get the error "401 (Unauthorized)", and when I delve a little deeper the full error is:
TF400813: Resource not available for anonymous access. Client authentication required.
I've tried so many variations of the Ajax call, but none work. I've tried adding
beforeSend: function (xhr) {
xhr.setRequestHeader("Authorization", "Bearer " + btoa("" + ":" + accessToken));
},
which seems closer to some examples of similar things I've found online, but doesn't work.
I've tried both of the above methods without the btoa function, which I believe is converting the token to Base64, just passing using the raw accessToken value. And I've tried a dozen other things, always with the same result.
My question is how do I update the VSTS items in an Ajax call with an OAuth Bearer Token in the same way that I'm able to do with a PAT?
回答1:
The id of the identity is different for the same sign in address when it is used as both Microsoft Account and Work Account. And the id of the identity is also different for the same work account address in different domains. So if you get 401 error with OAuth token, it could be caused by the identity you used to issue the token is incorrect.
回答2:
Refer to these code:
$.ajax({
type: 'GET',
url: 'https://XXX.visualstudio.com/DefaultCollection/_apis/wit/workitems/209?api-version=1.0',
cache: false,
dataType: 'json',
beforeSend: function (xhr) {
var b = "Bearer [auth token]";
xhr.setRequestHeader("Authorization", b);
},
}).done(function (data) {
}).error(function (e) {
});
On the other hand, make sure you check the related scope (e.g. Work Item) when create application in VSTS.
来源:https://stackoverflow.com/questions/46978479/use-oauth-bearer-token-instead-of-pat-in-ajax-calls-to-vsts-api