We are currently using Aha! Roadmaps and asking for consideration of implementing OAuth authentication when setting up the integration to Azure DevOps Services. With Microsoft making the push towards strengthening their customers security posture, they are recommending exploring alternative options using Microsoft Entra. We would like to submit this idea to have OAuth authentication implemented when setting up the integration between an Aha! Roadmaps workspace and Azure DevOps Services.
Some key reasons why we are requesting this idea:
PATs pose a security risk - Because PATs are often long-lived, can be over-scoped, and sometimes stored insecurely, they become attractive targets for unauthorized access.
Better alternatives now exist - The Microsoft DevOps blog post linked under References recommends using Microsoft Entra-based tokens instead of PATs wherever possible, as they are considered more secure.
Shorter token lifespan reduces risk - Entra tokens expire after an hour and must be refreshed, which narrows the attack window compared to long-lived PATs.
Stronger authentication protocols - The protocols used to issue Entra tokens are “generally considered more robust and secure” than PATs.
Support for modern security controls - Entra supports features like conditional access policies, which help protect against token theft and replay attacks — protections PATs don’t provide.
Reducing "token sprawl" from easy PAT generation - As a concrete step, Azure DevOps is removing UI features that encouraged easy generation of PATs (e.g. “Generate Git Credentials” button), because many of those tokens ended up unused or under-utilized.
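The first and last reasons above (long-lived, over-scoped PATs and "token sprawl" from tokens that were generated and never used) are the kind of thing an organisation can audit while it waits for OAuth support. The script below is an added example, not code from Aha! or from Microsoft's blog post: it runs a token-hygiene audit over a small credential inventory constructed inline. The record shape, the scope names (`full_access`, `work_items.read_write`, `code.read`, `ado.default`) and the policy thresholds are assumptions chosen for the example; a real inventory would come from the organisation's own PAT listing and app registrations, and the thresholds from its policy. The Entra-style token in the sample, with its one-hour lifetime, produces no findings, which is the point the list above makes.

```python
"""Token-hygiene audit over a constructed credential inventory (added example).

Flags three conditions the feature request calls out: PATs that live longer
than policy allows, tokens granted a broad/full-access scope, and tokens that
are still valid but have not been used for a long time (token sprawl).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Sequence, Tuple

UTC = timezone.utc


@dataclass(frozen=True)
class TokenRecord:
    name: str
    kind: str                   # "pat" or "entra" (constructed vocabulary)
    issued_at: datetime
    expires_at: datetime
    scopes: Tuple[str, ...]     # constructed scope names, not Azure DevOps' real ones
    last_used: Optional[datetime]  # None = never used since issuance


# Policy thresholds: assumptions for this example, not Microsoft's numbers.
MAX_PAT_LIFETIME = timedelta(days=30)
UNUSED_AFTER = timedelta(days=60)
BROAD_SCOPES = frozenset({"full_access"})   # constructed name for an all-scopes grant

Finding = Tuple[str, str, str]  # (token name, category, detail)


def audit(tokens: Sequence[TokenRecord], now: datetime) -> List[Finding]:
    """Return one finding per (token, violated rule)."""
    findings: List[Finding] = []
    for t in tokens:
        lifetime = t.expires_at - t.issued_at
        # Rule 1: long-lived PATs widen the attack window. Entra tokens are
        # short-lived by construction, so the rule only looks at PATs.
        if t.kind == "pat" and lifetime > MAX_PAT_LIFETIME:
            findings.append((t.name, "long-lived",
                             f"lifetime {lifetime.days}d exceeds {MAX_PAT_LIFETIME.days}d"))
        # Rule 2: a broad scope on any token is more than the integration needs.
        broad = BROAD_SCOPES & set(t.scopes)
        if broad:
            findings.append((t.name, "over-scoped", f"broad scopes: {sorted(broad)}"))
        # Rule 3: still-valid tokens nobody uses are sprawl; revoke them.
        last_activity = t.last_used or t.issued_at
        if t.expires_at > now and now - last_activity > UNUSED_AFTER:
            idle = (now - last_activity).days
            findings.append((t.name, "unused", f"valid but idle for {idle}d"))
    return findings


def categories_by_token(findings: Sequence[Finding]) -> Dict[str, List[str]]:
    """Group finding categories per token name, preserving rule order."""
    out: Dict[str, List[str]] = {}
    for name, category, _detail in findings:
        out.setdefault(name, []).append(category)
    return out


# Constructed sample inventory. The audit is evaluated at NOW.
NOW = datetime(2025, 6, 1, 12, 0, tzinfo=UTC)
SAMPLE_INVENTORY = [
    # Classic year-long, full-access PAT: long-lived and over-scoped (already expired).
    TokenRecord("ci-build-pat", "pat",
                datetime(2024, 1, 15, tzinfo=UTC), datetime(2025, 1, 14, tzinfo=UTC),
                ("full_access",), datetime(2024, 12, 1, tzinfo=UTC)),
    # Narrowly scoped 30-day PAT in active use: compliant.
    TokenRecord("aha-integration-pat", "pat",
                datetime(2025, 5, 20, tzinfo=UTC), datetime(2025, 6, 19, tzinfo=UTC),
                ("work_items.read_write",), datetime(2025, 5, 31, tzinfo=UTC)),
    # Generated and never used, valid until year end: long-lived and sprawl.
    TokenRecord("forgotten-pat", "pat",
                datetime(2025, 1, 1, tzinfo=UTC), datetime(2025, 12, 31, tzinfo=UTC),
                ("code.read",), None),
    # Entra-style access token: one-hour lifetime, refreshed as needed.
    TokenRecord("entra-access-token", "entra",
                datetime(2025, 6, 1, 9, 0, tzinfo=UTC), datetime(2025, 6, 1, 10, 0, tzinfo=UTC),
                ("ado.default",), datetime(2025, 6, 1, 9, 5, tzinfo=UTC)),
]


def run_sample_audit() -> Dict[str, List[str]]:
    return categories_by_token(audit(SAMPLE_INVENTORY, NOW))


if __name__ == "__main__":
    for name, category, detail in audit(SAMPLE_INVENTORY, NOW):
        print(f"{name:22} {category:12} {detail}")
```

Each finding maps to a remediation the list above already implies: shorten or revoke the long-lived PAT, re-issue the over-scoped one with only the scopes the Aha! integration needs, and revoke the idle one outright. The expired full-access PAT is still reported as long-lived and over-scoped because the audit is also useful as a record of what was issued, not only what is currently valid.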
References:
https://devblogs.microsoft.com/devops/reducing-pat-usage-across-azure-devops/