Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TF30063: You are not authorized to access with APT Token #2044

Closed
MrHinsh opened this issue May 10, 2024 · 2 comments
Closed

TF30063: You are not authorized to access with APT Token #2044

MrHinsh opened this issue May 10, 2024 · 2 comments
Assignees
@MrHinsh
Labels
bug WithAzureDevOpsProductTeam

Comments

@MrHinsh
Copy link
Member

MrHinsh commented May 10, 2024

I have configured the tool with AccessToken in both the Source and Target, and they have been verified as correct. Upon attempting to execute the script, I encounter the following error (the Target in the URL has been redacted below). Everything should be in order with credentials and permissions, and are not able to figure out where the issue may be. Does anyone have insight on this?


`[14:17:02 INF] [v15.0.1] Beginning run of 1 processors
[14:17:02 INF] [v15.0.1] Processor: WorkItemMigration
[14:17:02 INF] [v15.0.1] Migration Context Start: WorkItemMigration
[14:17:02 INF] [v15.0.1] Connecting with AccessToken 
[14:17:03 ERR] [v15.0.1] Unable to configure store: Check persmissions and credentials for AccessToken
Microsoft.TeamFoundation.TeamFoundationServerUnauthorizedException: TF30063: You are not authorized to access https://dev.azure.com/Target. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.TeamFoundation.Client.Channels.TfsHttpWebRequest.SendRequestAndGetResponse(HttpWebRequest webRequest, WebException& webException)
   --- End of inner exception stack trace ---
   at Microsoft.TeamFoundation.Client.Channels.TfsHttpWebRequest.SendRequest()
   at Microsoft.TeamFoundation.Client.Channels.TfsHttpRequestChannel.Request(TfsMessage message, TimeSpan timeout)
   at Microsoft.TeamFoundation.Client.Channels.TfsHttpClientBase.Invoke(TfsClientOperation operation, Object[] parameters, TimeSpan timeout, Object[]& outputs)
   at Microsoft.TeamFoundation.Framework.Client.LocationWebService.Connect(Int32 connectOptions, Int32 lastChangeId, Int32 features)
   at Microsoft.TeamFoundation.Framework.Client.FrameworkServerDataProvider.Connect(ConnectOptions connectOptions)
   at Microsoft.TeamFoundation.Client.TfsConnection.EnsureProviderConnected()
   at MigrationTools._EngineV1.Clients.TfsMigrationClient.GetDependantTfsCollection(NetworkCredential credentials) in D:\a\1\s\src\MigrationTools.Clients.AzureDevops.ObjectModel\_EngineV1\Clients\TfsMigrationClient.cs:line 151

`
{
"ChangeSetMappingFile": null,
"Source": {
"$type": "TfsTeamProjectConfig",
"Collection": "https://dev.azure.com/Source",
"Project": "Project Source",
"ReflectedWorkItemIDFieldName": "Custom.ReflectedWorkItemId",
"AllowCrossProjectLinking": false,
"AuthenticationMode": "AccessToken",
"PersonalAccessToken": "123456789456123456789456123",
"PersonalAccessTokenVariableName": "Testmig1",
"LanguageMaps": {
"AreaPath": "Area",
"IterationPath": "Iteration"
},
"CollectionName": "https://dev.azure.com/Source"
},
"Target": {
"$type": "TfsTeamProjectConfig",
"Collection": "https://dev.azure.com/Target",
"Project": "Project Target",
"ReflectedWorkItemIDFieldName": "Custom.ReflectedWorkItemId",
"AllowCrossProjectLinking": false,
"AuthenticationMode": "AccessToken",
"PersonalAccessToken": "123456789456123456789456123",
"PersonalAccessTokenVariableName": "Testmig2",
"LanguageMaps": {
"AreaPath": "Area",
"IterationPath": "Iteration"
},
"CollectionName": "https://dev.azure.com/Target"
},
"FieldMaps": [],
"GitRepoMapping": null,
"LogLevel": "Information",
"CommonEnrichersConfig": [],
"Processors": [
{
"$type": "WorkItemMigrationConfig",
"Enabled": true,
"UpdateCreatedDate": true,
"UpdateCreatedBy": true ,
"WIQLQuery": "SELECT [System.Id] FROM WorkItems WHERE [System.TeamProject] = @teamproject AND [System.WorkItemType] IN ('Bug') AND [Microsoft.VSTS.Common.ClosedDate] = '' ORDER BY [System.ChangedDate] desc",
"FixHtmlAttachmentLinks": false,
"SkipToFinalRevisedWorkItemType": false,
"WorkItemCreateRetryLimit": 5,
"FilterWorkItemsThatAlreadyExistInTarget": true,
"PauseAfterEachWorkItem": false,
"AttachRevisionHistory": false,
"LinkMigrationSaveEachAsAdded": false,
"GenerateMigrationComment": true,
"WorkItemIDs": 21692,
"MaxGracefulFailures": 0,
"SkipRevisionWithInvalidIterationPath": false,
"SkipRevisionWithInvalidAreaPath": false
}
],
"Version": "15.0",
"workaroundForQuerySOAPBugEnabled": false,
"WorkItemTypeDefinition": {
"sourceWorkItemTypeName": "targetWorkItemTypeName"
},
"Endpoints": {
"InMemoryWorkItemEndpoints": [
{
"Name": "Source",
"EndpointEnrichers": null
},
{
"Name": "Target",
"EndpointEnrichers": null
}
]
}
}

Originally posted by @Stischu in #1996
@MrHinsh MrHinsh self-assigned this May 10, 2024
@MrHinsh
Copy link
Member Author

MrHinsh commented May 10, 2024
edited

This seams to be a fault with the Azure DevOps Object Model API.

The same PAT token works using the following Rest API code:

$Token = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
$temptoken = $null
$header = $null
$temptoken = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$Token"))
$header = @{authorization = "Basic $temptoken" }
Write-DebugLog "Header: {header}" -PropertyValues $header
$callUrl = "https://app.vssps.visualstudio.com/_apis/profile/profiles/me"
$profile = Invoke-RestMethod -Uri $callUrl -Method Get -ContentType "application/json" -Headers $header
Write-Output "Found $($profile.emailAddress)"
$callUrl = "https://app.vssps.visualstudio.com/_apis/accounts?memberId=$($profile.id)&api-version=7.2-preview.1"
$accounts = Invoke-RestMethod -Uri $callUrl -Method Get -ContentType "application/json" -Headers $header
foreach ($account in $accounts.value) {
    Write-Output "Found $($account.accountName)"
}

While does not work using the Object Model:

$Token = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
$pathToDlls = "C:\Users\MartinHinshelwoodNKD\source\repos\azure-devops-migration-tools\src\MigrationTools.ConsoleFull\bin\Debug\net472"
Add-Type -Path "$pathToDlls\Microsoft.TeamFoundation.WorkItemTracking.Client.dll"
Add-Type -Path "$pathToDlls\Microsoft.VisualStudio.Services.Common.dll"
[Microsoft.VisualStudio.Services.Common.VssBasicCredential]$vssCredentials
$vssCredentials = New-Object Microsoft.VisualStudio.Services.Common.VssBasicCredential("", $Token)
$collectionUri = "https://dev.azure.com/nkdagility-preview"
$teamProjectCollection = New-Object Microsoft.TeamFoundation.Client.TfsTeamProjectCollection(New-Object Uri($collectionUri), $vssCredentials)
[Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemStoreFlags]$accesslevel = [Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemStoreFlags]::BypassRules
$workItemStore = New-Object Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemStore($teamProjectCollection, $accesslevel)

@MrHinsh
Copy link
Member Author

MrHinsh commented May 21, 2024

I have heard back from the Product Team, and the Object Model only works with "Full Access" PAT tokens.

image

@MrHinsh MrHinsh closed this as completed May 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MrHinsh MrHinsh

Labels
bug WithAzureDevOpsProductTeam
Projects
AzureDevOps-Migration-Tools
Status: Done
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MrHinsh