We’ve developed a small SPA wrapper for OD, called Tenant Overview, setting up a matrix with projects and tenants, giving access to view and deploy misc. ‘stacks’ from a single page. So far this is just an anonymous page, getting access via en API key. Recently we integrated our OD instance with Azure AD, to align with our other development tools and getting MFA and SSO. We looking into integrating AAD with our Tenant Overview SPA, so we both get authentication and authorization in order.
The question is whether it is possible to access the OD API with an AAD issued oAuth token or some how exchange the oAuth token to a user specific API key.
Unfortunately, interacting with the OD API is only possible with a specific user or service account API key.
This is something that you could raise on our user voice site for our Product team to consider if it is something that we could add: https://octopusdeploy.uservoice.com/
When you write a specific user or service account API key, I expect it means either a user api key og service account api key - either way, always an API key right?