Configuring OAuth 2.0 for Microsoft Azure DevOps Services

To enable users to work with a remote Git repository that is hosted on Microsoft Azure Repos:

  1. Set up an application in Microsoft Entra ID.

  2. Apply the Microsoft Entra ID App Secret.

Setting up the Microsoft Entra ID OAuth App

Set up a Microsoft Entra ID OAuth App to enable Che users to interact with Azure DevOps Git repositories without re-entering credentials.

Prerequisites

Additional resources

Applying the Microsoft Entra ID OAuth App Secret

Prepare and apply the Secret that enables Che to authenticate with Microsoft Entra ID for Azure DevOps repository access.

Prerequisites

  • You have set up the Microsoft Entra ID OAuth App.

  • The following values, which were generated when setting up the Microsoft Entra ID OAuth App, are prepared:

    • Application (client) ID

    • Directory (tenant) ID

    • Client Secret

  • An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.

Procedure

  1. Prepare the Secret:

    kind: Secret
apiVersion: v1
metadata:
  name: azure-devops-oauth-config
  namespace: eclipse-che(1)
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: oauth-scm-configuration
  annotations:
    che.eclipse.org/oauth-scm-server: azure-devops
type: Opaque
stringData:
  tenant-id: <Microsoft_Entra_ID_Tenant_ID>(2)
  id: <Microsoft_Entra_ID_App_ID>(3)
  secret: <Microsoft_Entra_ID_Client_Secret>(4)
    1 The Che namespace. The default is eclipse-che.
    2 The Microsoft Entra ID Directory (tenant) ID.
    3 The Microsoft Entra ID Application (client) ID.
    4 The Microsoft Entra ID Client Secret.

  2. Apply the Secret:

    $ kubectl apply -f - <<EOF
<Secret_prepared_in_the_previous_step>
EOF

  3. Verify in the output that the Secret is created.

  4. Wait for the rollout of the Che server components to be completed.