Azure DevOps · OAuth Scopes

Azure DevOps OAuth Scopes

OAuth 2.0 derived

Azure DevOps publishes 4 OAuth 2.0 scopes via the authorizationCode flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Azure DevOps API on a user’s behalf.

Tokens are issued from https://app.vssps.visualstudio.com/oauth2/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

AzureCI/CDDevOpsPipelinesWork Items
Scopes: 4 Flows: authorizationCode Method: derived

OAuth endpoints

Authorization URL
https://app.vssps.visualstudio.com/oauth2/authorize
Token URL
https://app.vssps.visualstudio.com/oauth2/token
Flows
authorizationCode

Scopes (4)

ScopeDescriptionFlows
vso.build Read build data authorizationCode
vso.build_execute Queue and manage builds authorizationCode
vso.work Read work items authorizationCode
vso.work_write Read and write work items authorizationCode

Source

OAuth Scopes

azure-devops-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/azure-devops-pipelines-openapi.yml, openapi/azure-devops-work-items-openapi.yml
schemes:
- name: oauth2
  source: openapi/azure-devops-pipelines-openapi.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://app.vssps.visualstudio.com/oauth2/authorize
    tokenUrl: https://app.vssps.visualstudio.com/oauth2/token
- name: oauth2
  source: openapi/azure-devops-work-items-openapi.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://app.vssps.visualstudio.com/oauth2/authorize
    tokenUrl: https://app.vssps.visualstudio.com/oauth2/token
scopes:
- scope: vso.build
  description: Read build data
  flows:
  - authorizationCode
  sources:
  - openapi/azure-devops-pipelines-openapi.yml
- scope: vso.build_execute
  description: Queue and manage builds
  flows:
  - authorizationCode
  sources:
  - openapi/azure-devops-pipelines-openapi.yml
- scope: vso.work
  description: Read work items
  flows:
  - authorizationCode
  sources:
  - openapi/azure-devops-work-items-openapi.yml
- scope: vso.work_write
  description: Read and write work items
  flows:
  - authorizationCode
  sources:
  - openapi/azure-devops-work-items-openapi.yml