I was trying to understand how netlify integrates with Azure DevOps git respository. I’m using the UI feature to establish this link but I don’t understand how it works, there is no token or OAuth configuration created in any of my organizations but in user setting there is a option named Authorization, and in there exists a reference to Netlify.
So the way that the Netlify make it’s registration is using Authorized OAuth Apps, but I still don’t understand how this registration is linked to everyone in the Azure DevOps Organization without using the organiztion OAuth.
The first time a user creates a site on Netlify linking an Azure Devops repository, the Oauth App requests authorization, bound to the user credentials, to access resources in the organizations to which the user has access.
Once the user authorizes the app, Netlify can get an access token (and a refresh token) for the user, used for the continuous deployment of the sites created by the user.
At this point, the user will see the Oauth App as authorized under their profile on Azure DevOps.
While creating the site, Netlify also creates service hooks on behalf of the user. These appear listed under the project settings on Azure DevOps.
That’s why the permissions of the user who creates the site and links the Azure DevOps repository are relevant.
You can find more info on our docs to understand the user permissions and org setup needed for the integration. And some resources to know more about Azure DevOps OAuth Apps: