Oauth specifications

minnocci-bcgdv · October 17, 2022, 1:01pm

CI system used: Azure DevOps

Hello

We are trying to test SonarCloud with Microsoft Azure DevOps using OAuth and our security department would be interested in knowing some more details about the OAuth API permissions: which ones are requested and what type of perm is each (Application vs Delegated)?

I couldn’t find specifics here (https://docs.sonarcloud.io/appendices/security-statement/#authentication)

Thanks a lot in advance!

ganncamp · October 18, 2022, 3:34pm

Hi,

Welcome to the community!

Is this what you’re looking for?

Ann

minnocci-bcgdv · October 19, 2022, 10:22pm

Hi Ann!

Thanks a lot for your reply.

I would like to log in using Azure DevOps so it would be easier to move through the configurations. The problem is, I don’t have an admin account and our admins need to understand how are the OAuth API permissions requested in this process. This is more an OAuth specs question. Of course I can log in i.e. with GitHub but this is not gonna show me the repos on Azure.

Thank you!

mickaelcaro · October 20, 2022, 12:51pm

Hi @minnocci-bcgdv

We are using :

ID tokens
Both personal and organizations accounts are supported : we use the multitenant endpoint
We need permissions on MS Graph (User.read / Delegated) and AAD Graph (User.Read / Delegated as well)

Hope that clarifies.

minnocci-bcgdv · October 20, 2022, 1:17pm

Will pass it over, thanks a lot!!!