The standard Authentication Schemed in VSTS include Basic (username/password), Token, Service Credential (for Azure) and AzureCertificate Authentication. If you simply need a username password or a Personal Access token you can derive your own Credential Type from one of the exiting Authentication Schemes.

You can see an example of this technique in my VSTS Extension tasks

But what if you need to extend beyond the basics? There are ways to extend the UI with additional textboxes, as done in some of the other extensions you’ll find out on GitHub.

NOTE: I’ve been asked by Microsoft to explain that even though the below code will currently create your custom auth scheme, the product still assumes that the standard list of authentication schemes is fixed. You will run into unforeseen issues until this fully opens up at some point in time.

I’m leaving the below piece for reference, as it’s a nice way to understand how the extensibility works and how items are defined, but please do not use it at the moment to create custom auth schemes. While your extension will likely pass all validations, it may cause all kinds of issues for your consumers.

Instead, expand the Basic or Token auth scheme with additional parameters and change the Name/Description to make the UI reflect your needs.

If you want to go beyond that and want to define your own UI with its own fields, the next step is to define your own endpoint-auth-scheme. The documentation on this contributionpoint is still scant, but if you dig into a TFS 2015 update 2 installation you’ll find some very useful examples.

Navigate to C:Program FilesMicrosoft Team Foundation Server 14.0ToolsDeployTfsServicingFilesExtensions to find the standard extensions that define the basic behavior of a standard installation. In there you’ll find 4 vsix files

If you dig a little deeper you’ll find extension.vsomanifest which contains the Json snippet you’re after. The example from the Service Credential is one of the most extensive:

You’ll be able to stick these in your own extension manifests in order to create a full custom endpoint credential type with a complete custom authentication scheme. The sample below can be adapted to do exactly that: