When exactly did this happen?

For my small test organization the paging logic works. Is it possible that your organization has really many repositories and SmartGit is not actually stuck but it only takes a long time to complete? When comparing:

https://dev.azure.com/org1/_apis/git/repositories?api-version=6.1-preview.1&$top=50&$skip=0

and:

https://dev.azure.com/org2/_apis/git/repositories?api-version=6.1-preview.1&$top=50&$skip=50

in your browser, are results different?

> I tested connecting using an OAuth token when "Allow Third-party Application access via OAuth" was turned off for the org in Azure DevOps (see screenshot) and got an HTTP 401 response, so it would helpful to add some instructional text in the dialog box to note that this needs to be turned on in the org.

Thanks for this hint! Usually we collect possible problems with Hosting Provider setups in our docs, hence I have added this information there: https://www.syntevo.com/doc/display/SG/Azure+DevOps

> Also, I had real problems creating an OAuth token for an org where I authenticate with a different MS account than the one I'm logged into my Windows workstation with, so I gave up and used a PAT instead.

So you can't simply switch accounts in your browser? This works fine for e.g. GitHub/Bitbucket, but I understand that for Azure authentication maybe somehow be tied to your workstation login. In this case, I agree, PATs may be the best choice.

> Since authenticating with OAuth tokens for multiple MS accounts could be problematic, you might get fewer support request from users if you encourage PATs over OAuth.

I'm wondering how common it is with Azure that one user has multiple accounts? Why do you as a single person have multiple accounts? Note that you wrote about "multiple Azure DevOps instances" which is something different: there must be a way to switch between them in the browser and then OAuth should work out-of-the-box.

> For PATs, it would also be helpful to add some text on the Azure DevOps Configure Hosting Provider dialog to explain that a PAT only needs Code Read/Write permissions but access to all accessible orgs.

I have checked related code, but it can only distinguish between automatic generated tokens and manually entered tokens. After the token has been confirmed such an info could be displayed. But especially during setup while the user may type/paste anything into the Token text field, I can't tell whether this is a PAT or not. Hence, providing a reliable text here is a bit tricky.

> BTW , by "Retract Pull Request" do you mean "Abandon"?

SmartGit is using "Retract" for outgoing pull requests. For all Hosting Providers, the underlying commands which will be executed are identical to Rejecting a pull request. Hence, for the next build, I have switched from "Retract" to "Reject", except for Azure DevOps which will use "Abandon" instead of "Retract"/"Reject".

I'm not planning to support PATs which are limited to certain organizations. Note that PATs are anyway only a workaround in case your have troubles with OAuth authentication (usually you shouldn't have). Such limited PATs would make several code parts more complicated. For example, already "_apis/profile/profiles/me" fails.

If you have different user accounts (=emails), that should be supported by setting up one Azure DevOps Hosting Provider per account.

@hrant and @Martillo, thanks for your testing and feedback! I have now uploaded build 17071 (Help|Check for Latest Build) with following changes:

• Settings are now per-user and cross-account, because OAuth tokens and PATs are, too. The "user ID" which is required for pull request comments is detected from REST call "_apis/profile/profiles/me". Assigned organizations are detected from REST call "_apis/accounts". There can be multiple Azure DevOps Hosting Provider configurations (for different user accounts). The assigned organizations will be used to map repository URLs to those settings. I didn't test with multiple user accounts, though.
• fix setup with PATs (sometimes it worked, most times it didn't)
• OAuth app-callback should only be used URL-encoded
• improved "No refresh-token present" error message

Note, that:

• You will have to recreate your Hosting Provider configuration!
• PATs are only a workaround, the recommended setup is using OAuth
• "visualstudio.com" URLs are not supported

You can manually change the Organization ("Account") in the Azure DevOps account dialog. But as pointed out in my last comment, I hope to get rid of the Account entirely. Can you please give the clone, as outlined above, a try?

I'm wondering whether we need accounts/usernames at all. OAuth tokens/PATs already seem to uniquely identify the users. I couldn't find any official statement in the REST API docs about this, but I found the following:

https://github.com/MicrosoftDocs/azure-devops-docs/issues/2455#issuecomment-439503194

The same is also true for GitHub, Bitbucket and GitLab. For my experiments, I could now also successfully use the OAuth token and a PAT to access repositories of my two test organizations. For PATs, it's important to give them access to "All accessible organizations"; scope Code Read&Write should be sufficient.

@hrant and @Martillo, can you please confirm that you are able to access all of your (private) repositories when creating such a PAT:

git clone https://anything:<PAT>@dev.azure.com/yourOrgName/yourProjectName/_git/yourRepoName

Note that there is another bug in SmartGit's latest build which prevents PATs from working correctly (almost always), hence it's not yet expected to work from within SmartGit.

At which point would SmartGit get in touch with an "org.visualstudio.com"-URL? None of your above logs mentions "org.visualstudio.com".

> 2- Digging further on why I was not seeing the Azure logo on branches, it dawned on me that our organization still uses > the older visualstudio domain format

> `https://org.visualstudio.com` instead of `https://dev.azure.com/org`

Do you think that this could be a common problem? Any ideas how SmartGit could detect this problem?

:D That is really good to hear! Hence, from my understanding following issues are still open:

- some error messages are still mentioning "Bitbucket"
- the rundll32-link should better be encoded: it seems encoded version is working for all of us with all browser
- improve "no refresh-token present" error message
- personal access tokens: I can reproduce the 401 for "https://app.vssps.visualstudio.com/_apis/profile/profiles/me" now -- I guess since introducing that call I didn't check again with PATs, sorry for that ...