Azure Repos: Authenticate Git with a PAT

08 Nov, 2020

Sometimes you have these weird things you run into, and I’m sure I will not be able to find this one if I don’t store it here.

Configuring Git with a PAT token with Azure DevOps

Usually in Windows I use the Windows Credential Manager for storing authentication against remote Git repositories. You can also use the SSH setup that Azure DevOps supports as a widely used alternative.

This time I was setting things up for a user with a Docker container and didn’t want to set up any of those options: I was already using a Personal Access Token for accessing the REST API and wanted to reuse that for the Git repository as well.

Searching around took quite a while until I found an obscure reference within the Git LFS repo that indicated you could set up Git with an extra authorization header with the PAT token in it. Seriously: I can’t even find the repo I found this in.

Solution (repo based)

After some messing around I got things working, so here is the solution for future reference.

```powershell
function SetupAuthentication {
    param (
        [string] $organization,
        [string] $project,
        [string] $repoName,
        [string] $userName,
        [string] $PAT
    )

    # convert the Personal Access Token to a Base64 encoded string
    # (Basic auth with an empty user name, hence the leading colon)
    $B64Pat = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(":$PAT"))

    # store the extra header for git to use
    git config --global --add http.https://$userName@dev.azure.com/$organization/$project/_git/$repoName.extraHeader "AUTHORIZATION: Basic $B64Pat"
}
```

Note that this is specific to the repository you are using.

Solution (project based)

If you want to skip configuring this for every repo, you can also leave the repo name off this setting like the example below:

```powershell
# store the extra header for git to use
git config --global --add http.https://$userName@dev.azure.com/$organization/$project/_git/.extraHeader "AUTHORIZATION: Basic $B64Pat"
```

Note that this is specific to the project you are using.

Solution (organization based)

If you want to skip configuring this for every project, you can also leave the project name off this setting like the example below:

```powershell
# store the extra header for git to use
git config --global --add http.https://$userName@dev.azure.com/$organization/_git/.extraHeader "AUTHORIZATION: Basic $B64Pat"
```

Note that this is specific to the organization you are using.
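An added example (not code from the original post) for maintaining this setting: `--add` appends another value each time it runs, and the header sits in plain text in the global Git config (Base64 is an encoding, not encryption). The sketch below replaces the value instead of appending, checks offline with `git config --get-urlmatch` which remote URLs the header applies to, and removes it again. The function names and the `demo-*` values are hypothetical.

```powershell
# Added example; function names and demo values are hypothetical, not from the post.
function Set-AzDoGitHeader {
    param (
        [Parameter(Mandatory)] [string] $UrlPrefix,  # same URL shape as the post uses
        [Parameter(Mandatory)] [string] $PAT
    )
    $b64 = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(":$PAT"))
    # --replace-all leaves exactly one value for the key, so a rotated PAT
    # overwrites the old one instead of being appended next to it
    git config --global --replace-all "http.${UrlPrefix}.extraHeader" "AUTHORIZATION: Basic $b64"
}

function Test-AzDoGitHeader {
    param ([Parameter(Mandatory)] [string] $RemoteUrl)
    # --get-urlmatch applies git's own http.<url>.* matching rules, no network call
    $value = git config --global --get-urlmatch http.extraHeader $RemoteUrl
    # report only whether a header applies; never echo the credential itself
    return [bool]($value -like 'AUTHORIZATION: Basic *')
}

function Remove-AzDoGitHeader {
    param ([Parameter(Mandatory)] [string] $UrlPrefix)
    # drop every stored value for this key once the token is no longer needed
    git config --global --unset-all "http.${UrlPrefix}.extraHeader"
}

# Constructed values for illustration only
$prefix = 'https://demo-user@dev.azure.com/demo-org/demo-project/_git/'
Set-AzDoGitHeader -UrlPrefix $prefix -PAT 'constructed-placeholder-pat'

# Git's URL matching: the key's path must be a prefix of the remote's path,
# and a user name in the key must match the user name in the remote URL exactly
foreach ($url in @(
        'https://demo-user@dev.azure.com/demo-org/demo-project/_git/some-repo',
        'https://demo-user@dev.azure.com/demo-org/other-project/_git/some-repo',
        'https://dev.azure.com/demo-org/demo-project/_git/some-repo')) {
    '{0} -> header applies: {1}' -f $url, (Test-AzDoGitHeader -RemoteUrl $url)
}

Remove-AzDoGitHeader -UrlPrefix $prefix
```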

Rob Bos
Rob has a strong focus on ALM and DevOps, automating manual tasks and helping teams deliver value to the end-user faster, using DevOps techniques. This is applied on anything Rob comes across, whether it’s an application, infrastructure, serverless or training environments. Additionally, Rob focuses on the management of production environments, including dashboarding, usage statistics for product owners and stakeholders, but also as part of the feedback loop to the developers. A lot of focus goes to GitHub and GitHub Actions, improving the security of applications and DevOps pipelines. Rob is a Trainer (Azure + GitHub), a Microsoft MVP and a LinkedIn Learning Instructor.