Azure DevOps – Service Connection Authentication Scheme

Last week I was working on an extension for a customer. I had to build it from the ground up but ran into some issues regarding service connections while using the documentation of Microsoft. My goal was to create an extension with a token-based service connection.

I have never created an extension that required a service connection. So everything was new to me. A problem I ran into was that the service connection just wouldn’t show up in Azure DevOps, but the CI/CD building of the extension did not give any configuration errors. None of the solutions offered on the Microsoft Docs website worked for me. After a while of trying and debugging, I gave up and went looking for examples on GitHub. I knew about the SonarQube extension, that extension has a service connection. Luckily it is an opensource repository on GitHub. So I compared their vss-extension.json with mine and found some differences.

Example token-based service connection JSON block

Above is a somewhat example of the JSON file I created. Compared to the SonarQube extension it was missing some critical components like an authenticationScheme with a token schema type. Also, the type and target are pointing towards an auth scheme, but these should just point to the “service-endpoint-type”.

Every property above the “properties” block should focus on the service connection and not on schemes. In the code-block below I fixed all these issues.

End result

The end result to create a token-based service connection:

"id": "endpoint-auth-scheme-token",
"description": "i18n:Token based endpoint authentication scheme",
"type": "ms.vss-endpoint.service-endpoint-type",
"targets": [
"properties": {
"name": "Token",
"displayName": "i18n:Token Based Authentication",
"authenticationSchemes": [
"type": "ms.vss-endpoint.endpoint-auth-scheme-token",
"headers": [
"name": "Authorization",
"value": "{{endpoint.apitoken}}"
"inputDescriptors": [
"id": "apitoken",
"name": "i18n:API Token",
"description": "i18n:API Token for connection to endpoint",
"inputMode": "textbox",
"isConfidential": true,
"validation": {
"isRequired": true,
"dataType": "string",
"maxLength": 300
view raw tokenbased.json hosted with ❤ by GitHub

Updated the Microsoft documentation

The Microsoft Docs is opensource. This means everyone can update the documentation pages, so I decided to create a (my first) pull request to update the schemes and the PR got accepted! That was such a cool feeling. My changes can be seen on the Microsoft Docs page about authentication schemes.


This is what I came across while working with a custom extension. I hope it gave you some insight if you ran across the same problems. If it did not help, let me know.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s