Invite Users to Azure DevOps Project via REST API (PowerShell)

ShezBhagwandin
March 28, 2023
245 views
0 votes
2 Answers

The goal of the script is to invite a user to a specific project in Azure DevOps via REST. Invoke Request was used to add a user with the appropriate permissions.

I’m able to successfully retrieve the Project ID via the script below:

$OrganizationName = "ExampleOrg"
$projectName = "ExampleProject"

$AzureDevOpsAuthenicationHeader = @{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($env:AZ_Dev)")) }

$UriOrga = "https://$($OrganizationName).visualstudio.com/" 
$UriOrga
$uriAccount = $UriOrga + "_apis/projects?api-version=6.0"
$response = Invoke-RestMethod -Uri $uriAccount -Method get -Headers $AzureDevOpsAuthenicationHeader 


$Project = $response.value | where { $_.Name -eq $projectName }

$ProjectID = $Project.id

echo $ProjectID

However, using the newly acquired Project ID to send the invitation is unsuccessful.

$AZurl = 'https://vsaex.dev.azure.com/ExampleOrg/_apis/userentitlements?api-version=7.0'
$AZbase64AuthInfo = @{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($env:AZ_Dev)")) }

$AZbody =
@{
  accessLevel = @{
   accountLicenseType = "Stakeholder";
  }
  extensions =  @{
      id = "ms.feed"
    }
  user = @{
     principalName=  "[email protected]";
     subjectKind =  "user";
  }
  projectEntitlements =  @{
      group = @{
        groupType = "Contributors";
      }
      projectRef = @{
        id = $ProjectID
      }
    } 
} | ConvertTo-Json

$AZresponse = Invoke-RestMethod -Uri $AZurl -Method Post -ContentType "application/json" -Body $AZbody -Headers $AZbase64AuthInfo

$AZresponse

Can anyone provide some insight as to why this is happening and what the fix might be? Any assistance is greatly appreciated!

Answers

Chosen as BEST ANSWER
- ShezBhagwandin
- March 29, 2023 at 5:41 pm
- 0 votes
0
The code works as intended once the correct scopes are selected. Changing the "Member Entitlement Management" scope associated with the PAT allowed the code to run successfully.

Required Scope

If possible, testing with Full Access will also prevent this issue from occurring.

(Edit)

I have got the same issue when I executed your code. Then I modified authentication method to PAT token as below and it worked.

$OrganizationName = "vijxxxxx17"
$projectName = "testproj"

$PAT = "hwjsqvunxxxxxxxxxxxegy3tnnxw4uov5yqpb5a"

$AzureDevOpsAuthenicationHeader = @{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$PAT")) }

$UriOrga = "https://$($OrganizationName).visualstudio.com/" 
$UriOrga
$uriAccount = $UriOrga + "_apis/projects?api-version=6.0"
$response = Invoke-RestMethod -Uri $uriAccount -Method get -Headers $AzureDevOpsAuthenicationHeader 


$Project = $response.value | where { $_.Name -eq $projectName }

$ProjectID = $Project.id

echo $ProjectID

$AZurl = 'https://vsaex.dev.azure.com/vijaytcs17/_apis/userentitlements?api-version=7.0'

$AZbase64AuthInfo = @{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$PAT")) }

$AZbody = 
@{
  accessLevel = @{
   accountLicenseType = "Stakeholder";
  }
  extensions =  @{
      id = "ms.feed"
    }
  user = @{
     principalName=  "[email protected]";
     subjectKind =  "user";
  }
  projectEntitlements =  @{
      group = @{
        groupType = "Contributors";
      }
      projectRef = @{
        id = $ProjectID
      }
    } 
} | ConvertTo-Json


$AZresponse = Invoke-RestMethod -Uri $AZurl -Method Post -ContentType "application/json" -Body $AZbody -Headers $AZbase64AuthInfo

$AZresponse

Output:

Please signup or login to give your own answer.

Click here to cancel reply.