AzureAD · Haard30 · Mar 5, 2024 · Mar 4, 2024 · Mar 4, 2024 · Mar 5, 2024
@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Added
+- `--allow-custom-scopes` to skip validation and allow custom Azure DevOps PAT scopes.
 
 ## [0.8.4] - 2023-09-05
 ### Changed

@@ -145,8 +145,8 @@ public static class Scopes
 
         /// <summary>Validate the given scopes.</summary>
         /// <param name="scopes">The scopes to validate.</param>
-        /// <returns>The set of invalid scopes present in the given scopes. The
-        /// empty set means no scopes were invalid.</returns>
+        /// <returns>The set of unknown scopes present in the given scopes. The
+        /// empty set means no scopes were unknown.</returns>
         public static ImmutableHashSet<string> Validate(IEnumerable<string> scopes)
         {
             return scopes.Except(ValidScopes).ToImmutableHashSet();

@@ -36,6 +36,9 @@ public class CommandPat
         private const string ScopeOption = "--scope";
         private const string ScopeHelp = "A token scope for accessing Azure DevOps resources. Repeated invocations allowed.";
 
+        private const string AllowCustomScopesFlag = "--allow-custom-scopes";
+        private const string AllowCustomScopesHelp = "Skip validation and allow custom Azure DevOps PAT scopes.";
+
         private const string OutputOption = "--output";
         private const string OutputHelp = "How PAT information is displayed. [default: token]\n[possible values: none, status, token, base64, header, headervalue, json]";
 
@@ -75,6 +78,9 @@ private enum OutputMode
         [Option(ScopeOption, ScopeHelp, CommandOptionType.MultipleValue)]
         private IEnumerable<string> RawScopes { get; set; } = null;
 
+        [Option(AllowCustomScopesFlag, AllowCustomScopesHelp, CommandOptionType.NoValue)]
+        private bool AllowCustomScopes { get; set; }
+
         [Option(OutputOption, OutputHelp, CommandOptionType.SingleValue)]
         private OutputMode Output { get; set; } = OutputMode.Token;
 
@@ -166,16 +172,21 @@ private bool ValidOptions(ILogger logger)
                 logger.LogError($"The {ScopeOption} field is required.");
                 validOptions = false;
             }
+            else if (AllowCustomScopes)
+            {
+                logger.LogWarning($"Skipping scopes validation.");
+            }
             else
             {
-                var invalidScopes = AdoPat.Scopes.Validate(this.Scopes);
-                if (!invalidScopes.IsEmpty)
+                var unknownScopes = AdoPat.Scopes.Validate(this.Scopes);
+                if (!unknownScopes.IsEmpty)
                 {
-                    foreach (var scope in invalidScopes)
+                    foreach (var scope in unknownScopes)
                     {
-                        logger.LogError($"{scope} is not a valid Azure DevOps PAT scope.");
+                        logger.LogError($"{scope} is not a known Azure DevOps PAT scope.");
                     }
-                    logger.LogError($"Consult {AdoPat.Constants.PatListURL} for a list of valid scopes.");
+                    logger.LogError($"Consult {AdoPat.Constants.PatListURL} for a list of known scopes.");
+                    logger.LogError($"Use {AllowCustomScopesFlag} to create a PAT with custom scopes.");
                     validOptions = false;
                 }
             }