If you’ve run into trouble while trying to publish an Azure DevOps or Visual Studio extension to the Visual Studio Marketplace, please ask your administrator if they have enabled the new policy to restrict the creation of global personal access tokens (PATs).
Symptom
Today, in order to publish an extension to the Visual Studio Marketplace using the Cross-platform CLI for Azure DevOps (tfx-cli), you must create a personal access token that applies to all accessible organizations (a “global PAT”). Note that you only need a personal access token if you are publishing via the CLI; you do not need a PAT to publish via the Visual Studio Marketplace Web Portal.
If you are unable to create a personal access token for all accessible organizations with the desired marketplace scopes, you will not be able to publish extensions to Visual Studio marketplace from your organization via the CLI.
Cause
Azure DevOps released several new security features which allow company administrators to restrict the creation of personal access tokens. One such feature prevents the creation of personal access tokens that apply to all accessible organizations (“global PATs”). By default, the policy is disabled and users are free to create global personal access tokens (PATs). However, once enabled, the policy prevents the creation of global PATs and in turn, prevents users from publishing to the marketplace with the CLI.
Workarounds
If you need to publish an extension through CLI and have been blocked by the new policy, the primary workaround is to ask your administrator to add your user account to the allowlist for the policy. Azure AD users and groups added to the allowlist will be exempt from the restriction and will be able to create PATs appropriate for publishing to the marketplace.
Additionally, the policy can be turned on or off altogether. By default, it is set to off.
Other Issues?
If neither of the workarounds work for you, or if you’re having other issues, please let us know by commenting below. We apologize for the inconvenience as we work towards a long-term solution.
Thanks for sharing this valuable information.
This is the 4th article I read about Azure DevOps