Add --allow-custom-scopes flag to skip scope validation. (#369)

* Add no-validate flag to skip scope validation

* Shorten help text for no-validate flag

* rename the flag and address review comments

* Fix typo in doc

Author: Haard30

CHANGELOG.md

@@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 ### Added
+- Added `--allow-custom-scopes` flag to skip validation and allow custom Azure DevOps PAT scopes.
 - Added new sub-command `azureauth ado pat scopes` to list the set of actual scopes the `pat` command validates against and print the short-link to the pat scopes docs.
 
 ## [0.8.4] - 2023-09-05

src/AdoPat/Scopes.cs

@@ -145,8 +145,8 @@ public static class Scopes
 
         /// <summary>Validate the given scopes.</summary>
         /// <param name="scopes">The scopes to validate.</param>
-        /// <returns>The set of invalid scopes present in the given scopes. The
-        /// empty set means no scopes were invalid.</returns>
+        /// <returns>The set of unknown scopes present in the given scopes. The
+        /// empty set means no scopes were unknown.</returns>
         public static ImmutableHashSet<string> Validate(IEnumerable<string> scopes)
         {
             return scopes.Except(ValidScopes).ToImmutableHashSet();

src/AzureAuth/Commands/Ado/CommandPat.cs

@@ -37,6 +37,9 @@ public class CommandPat
         private const string ScopeOption = "--scope";
         private const string ScopeHelp = "A token scope for accessing Azure DevOps resources. Repeated invocations allowed.";
 
+        private const string AllowCustomScopesFlag = "--allow-custom-scopes";
+        private const string AllowCustomScopesHelp = "Skip validation and allow custom Azure DevOps PAT scopes.";
+
         private const string OutputOption = "--output";
         private const string OutputHelp = "How PAT information is displayed. [default: token]\n[possible values: none, status, token, base64, header, headervalue, json]";
 
@@ -76,6 +79,9 @@ private enum OutputMode
         [Option(ScopeOption, ScopeHelp, CommandOptionType.MultipleValue)]
         private IEnumerable<string> RawScopes { get; set; } = null;
 
+        [Option(AllowCustomScopesFlag, AllowCustomScopesHelp, CommandOptionType.NoValue)]
+        private bool AllowCustomScopes { get; set; }
+
         [Option(OutputOption, OutputHelp, CommandOptionType.SingleValue)]
         private OutputMode Output { get; set; } = OutputMode.Token;
 
@@ -167,16 +173,21 @@ private bool ValidOptions(ILogger logger)
                 logger.LogError($"The {ScopeOption} field is required.");
                 validOptions = false;
             }
+            else if (AllowCustomScopes)
+            {
+                logger.LogWarning($"Skipping scopes validation.");
+            }
             else
             {
-                var invalidScopes = AdoPat.Scopes.Validate(this.Scopes);
-                if (!invalidScopes.IsEmpty)
+                var unknownScopes = AdoPat.Scopes.Validate(this.Scopes);
+                if (!unknownScopes.IsEmpty)
                 {
-                    foreach (var scope in invalidScopes)
+                    foreach (var scope in unknownScopes)
                     {
-                        logger.LogError($"{scope} is not a valid Azure DevOps PAT scope.");
+                        logger.LogError($"{scope} is not a known Azure DevOps PAT scope.");
                     }
-                    logger.LogError($"Consult {AdoPat.Constants.PatListURL} for a list of valid scopes.");
+                    logger.LogError($"Consult {AdoPat.Constants.PatListURL} for a list of known scopes.");
+                    logger.LogError($"Use {AllowCustomScopesFlag} to create a PAT with custom scopes.");
                     validOptions = false;
                 }
             }