DevOps Server (on-prem) Workflow
For pairing with DevOps Services, we do not have any tokens. Timetracker uses NTLM auth for API endpoints and impersonates calls to DevOps Server with this data.
The only thing we need is the address of the Timetracker application.
If you know your Timetracker URI, just use %timetracker_address%/api address to API.
If you only know the DevOps Server URI and want to find the Timetracker address, please use this procedure:
1. User enters AD credentials to connect to DevOps Server.
2. User enters DevOps Server URL with collection.
3. Timetracker performs GET request to %CollectionName%/_apis/Contribution/InstalledApps/.
4. In the returned JSON, find extension with:
5. Use baseUri from the found extension to validate access to GET /api/tracking/client/latest?api-version=2.
DevOps Services (cloud) Workflow
1. Upon opening a page with pairing applications, 7pace Timetracker performs a POST request to /api/pin/create?api-version=2. Returned object contains PIN and security_code. PIN is demonstrated to the user.
2. Client periodically checks if PIN is validated by performing GET
PIN valid for 1 minute
3. User enters PIN on web server side.
4. If PIN is validated, the server responds with “validated” as the PIN state.
5. Client performs POST request /token.
6. If server returns Invalid as state: request new token
6. Server returns object with access and refresh tokens.
A token’s lifetime is one (1) hour (3600 seconds); Refresh Token is valid for one (1) year (129600 seconds).
Diagram of the process described, above:
To obtain a new token with “Refresh Token”, perform this request:
A token is valid for SignalR until it disconnects.
Therefore, even an outdated token maintains a valid SignalR connection.