Personal Access Tokens
Personal Access Tokens (PATs) provide a way to access task information in both workers and applications that create and manage tasks.
An access token grants access to the Taskurai API.
Copy the token to a secure place and do not share or check this token into source control.
Prerequisites
- Taskurai installation (Taskurai instance, Taskurai CLI, etc.). See Taskurai Setup.
If you are not signed in to Azure yet, you will need to log in using your Azure credentials. You can use one of the following methods:
- Azure Tools extension for VS Code
- Azure CLI:
az login - Azure PowerShell:
Connect-AzAccount - If you are not logged in using any of the above methods, an interactive browser login will be used.
Taskurai Access Scopes
Include all scopes
To include all scopes, user wildcards:
Taskurai.*
Task scopes
The following access scopes can be used:
Taskurai.Task.Create: Create new tasks.Taskurai.Task.Read: Read or list tasks.Taskurai.Task.Logs.Read: Read or list task logs.Taskurai.Task.Update: Update existing tasks.Taskurai.Task.Delete: Delete a task.
To include all task permissions, use wildcards:
Taskurai.Task.*
Logging scopes
The following access scopes can be used:
Taskurai.Log.Query.Read: Query log messages.Taskurai.Log.Console.Read: List console log messages.Taskurai.Log.System.Read: List system log messages.Taskurai.Log.Task.Console.Read: List task console log messages.Taskurai.Log.TaskCorrelation.Console.Read: List task correlation console log messages.Taskurai.Log.Command.Console.Read: List command console log messages.Taskurai.Log.Worker.Console.Read: List worker console log messages.Taskurai.Log.Worker.System.Read: List worker system log messages.Taskurai.Log.ContainerImage.Console.Read: List container image console log messages.
To include all log permissions, use wildcards:
Taskurai.Log.*
Managing PATs using the CLI
Creating an Access Token
To create an access token, use the taskurai pat create command:
taskurai pat create --name mytoken --valid-minutes 43200 --scopes "Taskurai.Task.*" --scopes "Taskurai.Log.*"
Updating an Access Token
To update an existing access token, use the taskurai pat update command:
taskurai pat update --name mytoken --valid-minutes 2500
Showing an Access Token
To view the properties of an existing access token, use the taskurai pat show command:
taskurai pat show --name mytoken
Please note that the token value is only returned when creating or updating a token.
Listing Access Tokens
To list all access tokens, use the taskurai pat list command:
taskurai pat list
Removing Access Tokens
To delete an access token, use the taskurai pat delete command:
taskurai pat delete --name mytoken
Alternatively, you can select the PAT(s) from the list using the delete command:
taskurai pat delete
Revoking Access
If you want to revoke access using a specific token, deleting the token will immediately revoke access permanently.
Handling Access Tokens
Access tokens should be handled with care, as they provide access to the Taskurai API.
For local development in C#, it is recommended to use User Secrets to store and manage secrets. This way, you avoid checking secrets into source control.
When running your applications in a hosted environment, deploy PATs as sensitive information. Use the methods available on your platform or deployment pipeline to manage this kind of information.
Workers deployed to Taskurai do not need any access tokens deployed as part of the solution. They are granted access automatically.