I'm working on a DevOps automation project and need to authenticate to a REST API using the OAuth 2.0 client credentials flow. Specifically, I want to:
Here is the PowerShell script I have written so far:
$tenantId = "xxxxxxxx"
$clientId = "xxxxxxxx"
$clientSecret = "xxxxxxxx"
$scope = "https://dev.azure.com/.default"
$tokenUrl = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$body = @{
client_id = $clientId
client_secret = $clientSecret
scope = $scope
grant_type = "client_credentials"
}
$response = Invoke-RestMethod -Uri $tokenUrl -Method Post -ContentType "application/x-www-form-urlencoded" -Body $body
$accessToken = $response.access_token
$apiUrl = "https://dev.azure.com/{organization}/_apis/projects?api-version=7.1"
$headers = @{
"Authorization" = "Bearer $accessToken"
}
$apiResponse = Invoke-RestMethod -Uri $apiUrl -Headers $headers -Method Get
$apiResponse
However, when I run the script, I get the following error:
Invoke-RestMethod : {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://dev.azure.com was not found in the tenant named Contoso.
This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication
request to the wrong tenant. Trace ID: 49b4c197-620b-4384-b2da-4eafc8771300 Correlation ID: b8253a59-0487-499f-8072-b4299a6186e5 Timestamp: 2024-11-22
10:55:21Z","error_codes":[500011],"timestamp":"2024-11-22 10:55:21Z","trace_id":"49b4c197-620b-4384-b2da-4eafc8771300","correlation_id":"b8253a59-0487-499f-8072-b4299a6186e5","error_uri":"https://login.microsoftonline.com/error?code=500011"}
At line:14 char:13
The error seems to indicate that the resource https://dev.azure.com cannot be found in my tenant, or that nobody in the tenant has installed or consented to the application.
Has anyone run into this before? I'd like to know:
Why am I getting this error, and how do I fix it? Are any additional permissions or steps required to use client credentials with the Azure DevOps API?
Thanks in advance!
To resolve the error, you need to change the scope value to 499b84ac-1321-427f-aa17-267ca6975798/.default and make sure the application is added under the Azure DevOps organization with the correct access permissions.
Initially, I registered an Entra ID application named DevOpsApp and granted it access by adding it as a user under my DevOps organization, as shown below:
Now I ran the PowerShell script below with the changed scope value and successfully got the list of projects in the response, as shown below:
$tenantId = "tenantId"
$clientId = "appId"
$clientSecret = "secret"
# Azure DevOps resource application ID followed by /.default, instead of the https://dev.azure.com URL
$scope = "499b84ac-1321-427f-aa17-267ca6975798/.default"
$tokenUrl = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
# Client credentials grant: the app authenticates with its own secret, no user involved
$body = @{
client_id = $clientId
client_secret = $clientSecret
scope = $scope
grant_type = "client_credentials"
}
$response = Invoke-RestMethod -Uri $tokenUrl -Method Post -ContentType "application/x-www-form-urlencoded" -Body $body
$accessToken = $response.access_token
$apiUrl = "https://dev.azure.com/{organization}/_apis/projects?api-version=7.1"
$headers = @{
"Authorization" = "Bearer $accessToken"
}
$apiResponse = Invoke-RestMethod -Uri $apiUrl -Headers $headers -Method Get
# The project list is in the value array of the response
$apiResponse.value
Response:
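The following is an added example, not code from the question or the answer above. It performs the same client credentials flow with the corrected scope, but adds the checks a practitioner would want when wiring this into automation: the client secret is read from an environment variable instead of being hardcoded, the AADSTS error body is surfaced when the token request fails (so a wrong scope or tenant is visible immediately), and the token's `aud` claim is decoded locally and compared with the resource ID from the scope before the token is sent to Azure DevOps. The environment variable name `AZDO_CLIENT_SECRET`, the function names `Get-AzDoAccessToken` and `ConvertFrom-JwtPayload`, and the assumption that a v2.0 token requested with `<resourceId>/.default` carries that resource ID in `aud` are this example's own; `{organization}` is left as a placeholder to fill in, and the service principal must already have been added to the organization as the answer describes.

```powershell
# Added example (not from the original question or answer).
# Assumptions: $env:AZDO_CLIENT_SECRET holds the client secret; "{organization}" is a
# placeholder for your Azure DevOps organization; the service principal has already been
# added to the organization as a user (see the answer above).

$tenantId     = "tenantId"
$clientId     = "appId"
$resourceId   = "499b84ac-1321-427f-aa17-267ca6975798"   # Azure DevOps resource app ID
$scope        = "$resourceId/.default"
$organization = "{organization}"

# Read the secret from the environment so it never lands in the script or in source control.
$clientSecret = $env:AZDO_CLIENT_SECRET
if ([string]::IsNullOrEmpty($clientSecret)) {
    throw "Set AZDO_CLIENT_SECRET in the environment; do not hardcode the secret in the script."
}

function Get-AzDoAccessToken {
    param([string]$TenantId, [string]$ClientId, [string]$ClientSecret, [string]$Scope)
    $tokenUrl = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    $body = @{
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = $Scope
        grant_type    = "client_credentials"
    }
    try {
        $response = Invoke-RestMethod -Uri $tokenUrl -Method Post -ContentType "application/x-www-form-urlencoded" -Body $body
    } catch {
        # Invoke-RestMethod hides the JSON error body behind the exception; surface it, because
        # the AADSTS code (e.g. 500011 for an unknown resource) says what is actually wrong.
        $detail = $_.ErrorDetails.Message
        if ($detail) {
            $err = $detail | ConvertFrom-Json
            throw "Token request failed: $($err.error) - $($err.error_description)"
        }
        throw
    }
    return $response.access_token
}

function ConvertFrom-JwtPayload {
    # Decode the JWT payload (base64url, second dot-separated segment) so its claims can be
    # inspected locally. This is a sanity check on what was issued, not signature validation.
    param([string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw "Not a JWT" }
    $payload = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) {
        2 { $payload += '==' }
        3 { $payload += '=' }
    }
    $json = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($payload))
    return $json | ConvertFrom-Json
}

$accessToken = Get-AzDoAccessToken -TenantId $tenantId -ClientId $clientId -ClientSecret $clientSecret -Scope $scope

# Assumption: a v2.0 token requested with "<resourceId>/.default" carries that resource ID in aud.
# Checking it here catches a token minted for the wrong resource before it is sent anywhere.
$claims = ConvertFrom-JwtPayload -Token $accessToken
if ($claims.aud -ne $resourceId) {
    throw "Token audience is '$($claims.aud)', expected '$resourceId'; Azure DevOps will reject it."
}
$expires = [DateTimeOffset]::FromUnixTimeSeconds([int64]$claims.exp)
Write-Host "Token for $($claims.aud) expires at $($expires.UtcDateTime.ToString('u'))"

$apiUrl  = "https://dev.azure.com/$organization/_apis/projects?api-version=7.1"
$headers = @{ "Authorization" = "Bearer $accessToken" }
try {
    $apiResponse = Invoke-RestMethod -Uri $apiUrl -Headers $headers -Method Get
} catch {
    # A 401/403 here with a token that passed the audience check usually means the service
    # principal is not a member of the organization, which is the second half of the fix.
    throw "Azure DevOps call failed: $($_.Exception.Message) $($_.ErrorDetails.Message)"
}
$apiResponse.value | Select-Object name, id, state
```

The audience check separates the two failure modes in this thread: a token request that fails with AADSTS500011 (wrong scope or tenant) is reported with the AADSTS text, while a token that is issued but rejected by dev.azure.com points at the organization membership step rather than at the scope.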