From e5a4c64c366b7c8d46e3c1e3eae8c36c1790b781 Mon Sep 17 00:00:00 2001
From: Alitzel Mendez <almend@microsoft.com>
Date: Mon, 8 Dec 2025 17:20:11 -0800
Subject: [PATCH] Feedback

---
 .../templates/steps/create-apireview.yml         |  5 +----
 eng/common/scripts/Create-APIReview.ps1          | 16 +++++++++-------
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/eng/common/pipelines/templates/steps/create-apireview.yml b/eng/common/pipelines/templates/steps/create-apireview.yml
index b65251c1e..85c4216ad 100644
--- a/eng/common/pipelines/templates/steps/create-apireview.yml
+++ b/eng/common/pipelines/templates/steps/create-apireview.yml
@@ -26,9 +26,6 @@ parameters:
   - name: PackageInfoFiles
     type: object
     default: []
-  - name: AzureServiceConnection
-    type: string
-    default: 'APIView prod deployment'
 
 steps:
   # Automatic API review is generated for a package when pipeline runs irrespective of how pipeline gets triggered.
@@ -42,7 +39,7 @@ steps:
 
     - task: AzureCLI@2
       inputs:
-        azureSubscription: ${{ parameters.AzureServiceConnection }}
+        azureSubscription: 'APIView prod deployment'
         scriptType: pscore
         scriptLocation: scriptPath
         scriptPath: ${{ parameters.SourceRootPath }}/eng/common/scripts/Create-APIReview.ps1
diff --git a/eng/common/scripts/Create-APIReview.ps1 b/eng/common/scripts/Create-APIReview.ps1
index 9ed95069e..86b95ed0e 100644
--- a/eng/common/scripts/Create-APIReview.ps1
+++ b/eng/common/scripts/Create-APIReview.ps1
@@ -23,17 +23,19 @@ Set-StrictMode -Version 3
 . (Join-Path $PSScriptRoot Helpers ApiView-Helpers.ps1)
 
 # Get Bearer token for APIView authentication
+# In Azure DevOps, this uses the service connection's Managed Identity/Service Principal
 function Get-ApiViewBearerToken()
 {
-    $audience = "api://apiview"
     try {
-        $tokenResponse = az account get-access-token --resource $audience --output json 2>$null | ConvertFrom-Json
-        if ($tokenResponse -and $tokenResponse.accessToken) {
-            return $tokenResponse.accessToken
+        $tokenResponse = az account get-access-token --resource "api://apiview" --output json 2>&1
+        if ($LASTEXITCODE -ne 0) {
+            Write-Error "Failed to acquire access token: $tokenResponse"
+            return $null
         }
-        return $null
+        return ($tokenResponse | ConvertFrom-Json).accessToken
     }
     catch {
+        Write-Error "Failed to acquire access token: $($_.Exception.Message)"
         return $null
     }
 }
@@ -99,7 +101,7 @@ function Upload-SourceArtifact($filePath, $apiLabel, $releaseStatus, $packageVer
     $bearerToken = Get-ApiViewBearerToken
     if (-not $bearerToken) {
         Write-Error "Failed to acquire Bearer token for APIView authentication."
-        return 401
+        return [System.Net.HttpStatusCode]::Unauthorized
     }
     
     $headers = @{
@@ -150,7 +152,7 @@ function Upload-ReviewTokenFile($packageName, $apiLabel, $releaseStatus, $review
     $bearerToken = Get-ApiViewBearerToken
     if (-not $bearerToken) {
         Write-Error "Failed to acquire Bearer token for APIView authentication."
-        return 401
+        return [System.Net.HttpStatusCode]::Unauthorized
     }
     
     $headers = @{