diff --git a/components/dashboard/src/components/RepositoryFinder.tsx b/components/dashboard/src/components/RepositoryFinder.tsx
index 108a763e487793..98c4e0d1bb4c0a 100644
--- a/components/dashboard/src/components/RepositoryFinder.tsx
+++ b/components/dashboard/src/components/RepositoryFinder.tsx
@@ -318,6 +318,20 @@ export default function RepositoryFinder({
                 });
             }
 
+            if (searchString.length >= 3 && authProviders.data?.some((p) => p.type === AuthProviderType.AZURE_DEVOPS)) {
+                // ENT-780
+                result.push({
+                    id: "azure-devops",
+                    element: (
+                        <div className="text-sm text-pk-content-tertiary flex items-center">
+                            <Exclamation2 className="w-4 h-4 mr-2" />
+                            <span>Azure DevOps doesn't support repository searching.</span>
+                        </div>
+                    ),
+                    isSelectable: false,
+                });
+            }
+
             if (searchString.length < 3) {
                 // add an element that tells the user to type more
                 result.push({
diff --git a/components/dashboard/src/data/auth-providers/auth-provider-options-query.ts b/components/dashboard/src/data/auth-providers/auth-provider-options-query.ts
new file mode 100644
index 00000000000000..958d74581376af
--- /dev/null
+++ b/components/dashboard/src/data/auth-providers/auth-provider-options-query.ts
@@ -0,0 +1,36 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { AuthProviderType } from "@gitpod/public-api/lib/gitpod/v1/authprovider_pb";
+import { isGitpodIo } from "../../utils";
+import { useMemo } from "react";
+
+const optionsForPAYG = [
+    { type: AuthProviderType.GITHUB, label: "GitHub" },
+    { type: AuthProviderType.GITLAB, label: "GitLab" },
+    { type: AuthProviderType.BITBUCKET_SERVER, label: "Bitbucket Server" },
+    { type: AuthProviderType.BITBUCKET, label: "Bitbucket Cloud" },
+];
+
+const optionsForEnterprise = [...optionsForPAYG, { type: AuthProviderType.AZURE_DEVOPS, label: "Azure DevOps" }];
+
+export const isSupportAzureDevOpsIntegration = () => {
+    return isGitpodIo();
+};
+
+export const useAuthProviderOptionsQuery = (isOrgLevel: boolean) => {
+    return useMemo(() => {
+        const isPAYG = isGitpodIo();
+        // Azure DevOps is not supported for PAYG users and is only available for org-level integrations
+        // because auth flow is identified by auth provider's host, which will always be `dev.azure.com`
+        //
+        // Don't remove this until we can setup an generial application for Azure DevOps (investigate needed)
+        if (isPAYG || !isOrgLevel) {
+            return optionsForPAYG;
+        }
+        return optionsForEnterprise;
+    }, [isOrgLevel]);
+};
diff --git a/components/dashboard/src/data/auth-providers/create-org-auth-provider-mutation.ts b/components/dashboard/src/data/auth-providers/create-org-auth-provider-mutation.ts
index 5e26c643a0e610..eadffc8622d638 100644
--- a/components/dashboard/src/data/auth-providers/create-org-auth-provider-mutation.ts
+++ b/components/dashboard/src/data/auth-providers/create-org-auth-provider-mutation.ts
@@ -14,6 +14,8 @@ type CreateAuthProviderArgs = {
         clientId: string;
         clientSecret: string;
         orgId: string;
+        authorizationUrl?: string;
+        tokenUrl?: string;
     };
 };
 export const useCreateOrgAuthProviderMutation = () => {
@@ -28,6 +30,8 @@ export const useCreateOrgAuthProviderMutation = () => {
                     oauth2Config: {
                         clientId: provider.clientId,
                         clientSecret: provider.clientSecret,
+                        authorizationUrl: provider.authorizationUrl,
+                        tokenUrl: provider.tokenUrl,
                     },
                     type: provider.type,
                 }),
diff --git a/components/dashboard/src/data/auth-providers/create-user-auth-provider-mutation.ts b/components/dashboard/src/data/auth-providers/create-user-auth-provider-mutation.ts
index 998e08da506e9b..0f12d6c5f66877 100644
--- a/components/dashboard/src/data/auth-providers/create-user-auth-provider-mutation.ts
+++ b/components/dashboard/src/data/auth-providers/create-user-auth-provider-mutation.ts
@@ -14,6 +14,8 @@ type CreateAuthProviderArgs = {
         clientId: string;
         clientSecret: string;
         userId: string;
+        authorizationUrl?: string;
+        tokenUrl?: string;
     };
 };
 export const useCreateUserAuthProviderMutation = () => {
@@ -28,6 +30,8 @@ export const useCreateUserAuthProviderMutation = () => {
                     oauth2Config: {
                         clientId: provider.clientId,
                         clientSecret: provider.clientSecret,
+                        authorizationUrl: provider.authorizationUrl,
+                        tokenUrl: provider.tokenUrl,
                     },
                     type: provider.type,
                 }),
diff --git a/components/dashboard/src/data/auth-providers/update-org-auth-provider-mutation.ts b/components/dashboard/src/data/auth-providers/update-org-auth-provider-mutation.ts
index 5c24d0d0afd65a..66570b84be28c2 100644
--- a/components/dashboard/src/data/auth-providers/update-org-auth-provider-mutation.ts
+++ b/components/dashboard/src/data/auth-providers/update-org-auth-provider-mutation.ts
@@ -14,6 +14,8 @@ type UpdateAuthProviderArgs = {
         id: string;
         clientId: string;
         clientSecret: string;
+        authorizationUrl?: string;
+        tokenUrl?: string;
     };
 };
 export const useUpdateOrgAuthProviderMutation = () => {
@@ -26,6 +28,8 @@ export const useUpdateOrgAuthProviderMutation = () => {
                     authProviderId: provider.id,
                     clientId: provider.clientId,
                     clientSecret: provider.clientSecret,
+                    authorizationUrl: provider.authorizationUrl,
+                    tokenUrl: provider.tokenUrl,
                 }),
             );
             return response.authProvider!;
diff --git a/components/dashboard/src/data/auth-providers/update-user-auth-provider-mutation.ts b/components/dashboard/src/data/auth-providers/update-user-auth-provider-mutation.ts
index 046fa61ad376eb..cf99c98001467f 100644
--- a/components/dashboard/src/data/auth-providers/update-user-auth-provider-mutation.ts
+++ b/components/dashboard/src/data/auth-providers/update-user-auth-provider-mutation.ts
@@ -14,6 +14,8 @@ type UpdateAuthProviderArgs = {
         id: string;
         clientId: string;
         clientSecret: string;
+        authorizationUrl?: string;
+        tokenUrl?: string;
     };
 };
 export const useUpdateUserAuthProviderMutation = () => {
@@ -26,6 +28,8 @@ export const useUpdateUserAuthProviderMutation = () => {
                     authProviderId: provider.id,
                     clientId: provider.clientId,
                     clientSecret: provider.clientSecret,
+                    authorizationUrl: provider.authorizationUrl,
+                    tokenUrl: provider.tokenUrl,
                 }),
             );
             return response.authProvider!;
diff --git a/components/dashboard/src/images/azuredevops.svg b/components/dashboard/src/images/azuredevops.svg
new file mode 100644
index 00000000000000..3a1be63f162e06
--- /dev/null
+++ b/components/dashboard/src/images/azuredevops.svg
@@ -0,0 +1 @@
+<svg id="f4337506-5d95-4e80-b7ca-68498c6e008e" xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18"><defs><linearGradient id="ba420277-700e-42cc-9de9-5388a5c16e54" x1="9" y1="16.97" x2="9" y2="1.03" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#0078d4" /><stop offset="0.16" stop-color="#1380da" /><stop offset="0.53" stop-color="#3c91e5" /><stop offset="0.82" stop-color="#559cec" /><stop offset="1" stop-color="#5ea0ef" /></linearGradient></defs><title>Icon-devops-261</title><path id="a91f0ca4-8fb7-4019-9c09-0a52e2c05754" d="M17,4v9.74l-4,3.28-6.2-2.26V17L3.29,12.41l10.23.8V4.44Zm-3.41.49L7.85,1V3.29L2.58,4.84,1,6.87v4.61l2.26,1V6.57Z" fill="url(#ba420277-700e-42cc-9de9-5388a5c16e54)" /></svg>
diff --git a/components/dashboard/src/provider-utils.tsx b/components/dashboard/src/provider-utils.tsx
index f1c56442747aea..c12e9e1c73c21c 100644
--- a/components/dashboard/src/provider-utils.tsx
+++ b/components/dashboard/src/provider-utils.tsx
@@ -8,6 +8,7 @@ import { AuthProviderType } from "@gitpod/public-api/lib/gitpod/v1/authprovider_
 import bitbucket from "./images/bitbucket.svg";
 import github from "./images/github.svg";
 import gitlab from "./images/gitlab.svg";
+import azuredevops from "./images/azuredevops.svg";
 import { gitpodHostUrl } from "./service/service";
 
 function iconForAuthProvider(type: string | AuthProviderType) {
@@ -24,6 +25,9 @@ function iconForAuthProvider(type: string | AuthProviderType) {
         case "BitbucketServer":
         case AuthProviderType.BITBUCKET_SERVER:
             return <img className="fill-current filter-grayscale w-5 h-5 ml-3 mr-3 my-auto" src={bitbucket} alt="" />;
+        case "AzureDevOps":
+        case AuthProviderType.AZURE_DEVOPS:
+            return <img className="fill-current filter-grayscale w-5 h-5 ml-3 mr-3 my-auto" src={azuredevops} alt="" />;
         default:
             return <></>;
     }
@@ -39,6 +43,8 @@ export function toAuthProviderLabel(type: AuthProviderType) {
             return "Bitbucket Cloud";
         case AuthProviderType.BITBUCKET_SERVER:
             return "Bitbucket Server";
+        case AuthProviderType.AZURE_DEVOPS:
+            return "Azure DevOps";
         default:
             return "-";
     }
@@ -52,6 +58,8 @@ function simplifyProviderName(host: string) {
             return "GitLab";
         case "bitbucket.org":
             return "Bitbucket";
+        case "dev.azure.com":
+            return "Azure DevOps";
         default:
             return host;
     }
diff --git a/components/dashboard/src/teams/git-integrations/GitIntegrationModal.tsx b/components/dashboard/src/teams/git-integrations/GitIntegrationModal.tsx
index c168355699031b..8223092119770a 100644
--- a/components/dashboard/src/teams/git-integrations/GitIntegrationModal.tsx
+++ b/components/dashboard/src/teams/git-integrations/GitIntegrationModal.tsx
@@ -24,6 +24,10 @@ import { useCreateOrgAuthProviderMutation } from "../../data/auth-providers/crea
 import { useUpdateOrgAuthProviderMutation } from "../../data/auth-providers/update-org-auth-provider-mutation";
 import { authProviderClient, userClient } from "../../service/public-api";
 import { LoadingButton } from "@podkit/buttons/LoadingButton";
+import {
+    isSupportAzureDevOpsIntegration,
+    useAuthProviderOptionsQuery,
+} from "../../data/auth-providers/auth-provider-options-query";
 
 type Props = {
     provider?: AuthProvider;
@@ -37,6 +41,10 @@ export const GitIntegrationModal: FunctionComponent<Props> = (props) => {
     const [host, setHost] = useState<string>(props.provider?.host ?? "");
     const [clientId, setClientId] = useState<string>(props.provider?.oauth2Config?.clientId ?? "");
     const [clientSecret, setClientSecret] = useState<string>(props.provider?.oauth2Config?.clientSecret ?? "");
+    const [authorizationUrl, setAuthorizationUrl] = useState(props.provider?.oauth2Config?.authorizationUrl ?? "");
+    const [tokenUrl, setTokenUrl] = useState(props.provider?.oauth2Config?.tokenUrl ?? "");
+    const availableProviderOptions = useAuthProviderOptionsQuery(true);
+    const supportAzureDevOps = isSupportAzureDevOpsIntegration();
 
     const [savedProvider, setSavedProvider] = useState(props.provider);
     const isNew = !savedProvider;
@@ -82,6 +90,21 @@ export const GitIntegrationModal: FunctionComponent<Props> = (props) => {
         clientSecret.trim().length > 0,
     );
 
+    const {
+        message: authorizationUrlError,
+        onBlur: authorizationUrlOnBlur,
+        isValid: authorizationUrlValid,
+    } = useOnBlurError(
+        `Authorization URL is missing.`,
+        type !== AuthProviderType.AZURE_DEVOPS || authorizationUrl.trim().length > 0,
+    );
+
+    const {
+        message: tokenUrlError,
+        onBlur: tokenUrlOnBlur,
+        isValid: tokenUrlValid,
+    } = useOnBlurError(`Token URL is missing.`, type !== AuthProviderType.AZURE_DEVOPS || tokenUrl.trim().length > 0);
+
     // Call our error onBlur handler, and remove prefixed "https://"
     const hostOnBlur = useCallback(() => {
         hostOnBlurErrorTracking();
@@ -112,6 +135,8 @@ export const GitIntegrationModal: FunctionComponent<Props> = (props) => {
 
         const trimmedId = clientId.trim();
         const trimmedSecret = clientSecret.trim();
+        const trimmedAuthorizationUrl = authorizationUrl.trim();
+        const trimmedTokenUrl = tokenUrl.trim();
 
         try {
             let newProvider: AuthProvider;
@@ -123,6 +148,8 @@ export const GitIntegrationModal: FunctionComponent<Props> = (props) => {
                         orgId: team.id,
                         clientId: trimmedId,
                         clientSecret: trimmedSecret,
+                        authorizationUrl: trimmedAuthorizationUrl,
+                        tokenUrl: trimmedTokenUrl,
                     },
                 });
             } else {
@@ -131,6 +158,8 @@ export const GitIntegrationModal: FunctionComponent<Props> = (props) => {
                         id: savedProvider.id,
                         clientId: trimmedId,
                         clientSecret: clientSecret === "redacted" ? "" : trimmedSecret,
+                        authorizationUrl: trimmedAuthorizationUrl,
+                        tokenUrl: trimmedTokenUrl,
                     },
                 });
             }
@@ -181,6 +210,8 @@ export const GitIntegrationModal: FunctionComponent<Props> = (props) => {
     }, [
         clientId,
         clientSecret,
+        authorizationUrl,
+        tokenUrl,
         host,
         invalidateOrgAuthProviders,
         isNew,
@@ -196,8 +227,8 @@ export const GitIntegrationModal: FunctionComponent<Props> = (props) => {
     ]);
 
     const isValid = useMemo(
-        () => clientIdValid && clientSecretValid && hostValid,
-        [clientIdValid, clientSecretValid, hostValid],
+        () => clientIdValid && clientSecretValid && hostValid && authorizationUrlValid && tokenUrlValid,
+        [clientIdValid, clientSecretValid, hostValid, authorizationUrlValid, tokenUrlValid],
     );
 
     const getNumber = (paramValue: string | null) => {
@@ -223,7 +254,8 @@ export const GitIntegrationModal: FunctionComponent<Props> = (props) => {
             <ModalBody>
                 {isNew && (
                     <Subheading>
-                        Configure a Git Integration with a self-managed instance of GitLab, GitHub, or Bitbucket Server.
+                        Configure a Git Integration with a self-managed instance of GitLab, GitHub{" "}
+                        {supportAzureDevOps ? ", Bitbucket Server or Azure DevOps" : "or Bitbucket"}.
                     </Subheading>
                 )}
 
@@ -235,10 +267,11 @@ export const GitIntegrationModal: FunctionComponent<Props> = (props) => {
                         topMargin={false}
                         onChange={(val) => setType(getNumber(val))}
                     >
-                        <option value={AuthProviderType.GITHUB}>GitHub</option>
-                        <option value={AuthProviderType.GITLAB}>GitLab</option>
-                        <option value={AuthProviderType.BITBUCKET}>Bitbucket Cloud</option>
-                        <option value={AuthProviderType.BITBUCKET_SERVER}>Bitbucket Server</option>
+                        {availableProviderOptions.map((option) => (
+                            <option key={option.type} value={option.type}>
+                                {option.label}
+                            </option>
+                        ))}
                     </SelectInputField>
                     <TextInputField
                         label="Provider Host Name"
@@ -254,6 +287,25 @@ export const GitIntegrationModal: FunctionComponent<Props> = (props) => {
                         <InputWithCopy value={redirectURL} tip="Copy the redirect URI to clipboard" />
                     </InputField>
 
+                    {type === AuthProviderType.AZURE_DEVOPS && (
+                        <>
+                            <TextInputField
+                                label="Authorization URL"
+                                value={authorizationUrl}
+                                error={authorizationUrlError}
+                                onBlur={authorizationUrlOnBlur}
+                                onChange={setAuthorizationUrl}
+                            />
+                            <TextInputField
+                                label="Token URL"
+                                value={tokenUrl}
+                                error={tokenUrlError}
+                                onBlur={tokenUrlOnBlur}
+                                onChange={setTokenUrl}
+                            />
+                        </>
+                    )}
+
                     <TextInputField
                         label={type === AuthProviderType.GITLAB ? "Application ID" : "Client ID"}
                         value={clientId}
@@ -314,6 +366,8 @@ const getPlaceholderForIntegrationType = (type: AuthProviderType) => {
             return "bitbucket.org";
         case AuthProviderType.BITBUCKET_SERVER:
             return "bitbucket.example.com";
+        case AuthProviderType.AZURE_DEVOPS:
+            return "dev.azure.com";
         default:
             return "";
     }
@@ -337,6 +391,9 @@ const RedirectUrlDescription: FunctionComponent<RedirectUrlDescriptionProps> = (
         case AuthProviderType.BITBUCKET_SERVER:
             docsUrl = "https://www.gitpod.io/docs/configure/authentication/bitbucket-server";
             break;
+        case AuthProviderType.AZURE_DEVOPS:
+            docsUrl = "https://www.gitpod.io/docs/configure/authentication/azure-devops";
+            break;
         default:
             return null;
     }
diff --git a/components/dashboard/src/user-settings/AuthEntryItem.tsx b/components/dashboard/src/user-settings/AuthEntryItem.tsx
index e076726ceb5aac..7c457ede4aee2e 100644
--- a/components/dashboard/src/user-settings/AuthEntryItem.tsx
+++ b/components/dashboard/src/user-settings/AuthEntryItem.tsx
@@ -9,6 +9,7 @@ import { ContextMenuEntry } from "../components/ContextMenu";
 import { Item, ItemFieldIcon, ItemField, ItemFieldContextMenu } from "../components/ItemsList";
 import { AuthProviderDescription } from "@gitpod/public-api/lib/gitpod/v1/authprovider_pb";
 import { toAuthProviderLabel } from "../provider-utils";
+import { getScopeNameForScope } from "@gitpod/public-api-common/lib/auth-providers";
 
 interface AuthEntryItemParams {
     ap: AuthProviderDescription;
@@ -53,7 +54,7 @@ export const AuthEntryItem = (props: AuthEntryItemParams) => {
             </ItemField>
             <ItemField className="hidden xl:w-1/3 xl:flex xl:flex-col my-auto">
                 <span className="my-auto truncate text-gray-500 overflow-ellipsis dark:text-gray-400">
-                    {props.getPermissions(props.ap.id)?.join(", ") || "–"}
+                    {props.getPermissions(props.ap.id)?.map(getScopeNameForScope)?.join(", ") || "–"}
                 </span>
                 <span className="text-sm my-auto text-gray-400 dark:text-gray-500">Permissions</span>
             </ItemField>
diff --git a/components/dashboard/src/user-settings/Integrations.tsx b/components/dashboard/src/user-settings/Integrations.tsx
index 415606cbab470c..23486e4d211212 100644
--- a/components/dashboard/src/user-settings/Integrations.tsx
+++ b/components/dashboard/src/user-settings/Integrations.tsx
@@ -4,7 +4,12 @@
  * See License.AGPL.txt in the project root for license information.
  */
 
-import { getRequiredScopes, getScopesForAuthProviderType } from "@gitpod/public-api-common/lib/auth-providers";
+import {
+    AzureDevOpsOAuthScopes,
+    getRequiredScopes,
+    getScopeNameForScope,
+    getScopesForAuthProviderType,
+} from "@gitpod/public-api-common/lib/auth-providers";
 import { SelectAccountPayload } from "@gitpod/gitpod-protocol/lib/auth";
 import { useQuery } from "@tanstack/react-query";
 import { useCallback, useContext, useEffect, useMemo, useState } from "react";
@@ -41,6 +46,7 @@ import { useDeleteUserAuthProviderMutation } from "../data/auth-providers/delete
 import { Button } from "@podkit/buttons/Button";
 import { isOrganizationOwned } from "@gitpod/public-api-common/lib/user-utils";
 import { InputWithCopy } from "../components/InputWithCopy";
+import { useAuthProviderOptionsQuery } from "../data/auth-providers/auth-provider-options-query";
 
 export default function Integrations() {
     return (
@@ -89,6 +95,11 @@ const getDescriptionForScope = (scope: string) => {
             return "Allow creating, merging and declining pull requests (note: Bitbucket doesn't support revoking scopes)";
         case "webhook":
             return "Allow installing webhooks (used when enabling prebuilds for a repository, note: Bitbucket doesn't support revoking scopes)";
+        // Azure DevOps
+        case AzureDevOpsOAuthScopes.WRITE_REPO:
+            return "Code read and write permissions";
+        case AzureDevOpsOAuthScopes.READ_USER:
+            return "Read user profile";
         default:
             return "";
     }
@@ -333,7 +344,7 @@ function GitProviders() {
                                     <CheckboxInputField
                                         key={scope}
                                         value={scope}
-                                        label={scope + (isRequired ? " (required)" : "")}
+                                        label={getScopeNameForScope(scope) + (isRequired ? " (required)" : "")}
                                         hint={getDescriptionForScope(scope)}
                                         checked={editModal.nextScopes.has(scope)}
                                         disabled={isRequired}
@@ -556,6 +567,9 @@ export function GitIntegrationModal(
     const [host, setHost] = useState<string>("");
     const [clientId, setClientId] = useState<string>("");
     const [clientSecret, setClientSecret] = useState<string>("");
+    const [authorizationUrl, setAuthorizationUrl] = useState("");
+    const [tokenUrl, setTokenUrl] = useState("");
+
     const [busy, setBusy] = useState<boolean>(false);
     const [errorMessage, setErrorMessage] = useState<string | undefined>();
     const [validationError, setValidationError] = useState<string | undefined>();
@@ -563,6 +577,8 @@ export function GitIntegrationModal(
     const createProvider = useCreateUserAuthProviderMutation();
     const updateProvider = useUpdateUserAuthProviderMutation();
 
+    const availableProviderOptions = useAuthProviderOptionsQuery(false);
+
     useEffect(() => {
         setMode(props.mode);
         if (props.mode === "edit") {
@@ -571,6 +587,8 @@ export function GitIntegrationModal(
             setHost(props.provider.host);
             setClientId(props.provider.oauth2Config?.clientId || "");
             setClientSecret(props.provider.oauth2Config?.clientSecret || "");
+            setAuthorizationUrl(props.provider.oauth2Config?.authorizationUrl || "");
+            setTokenUrl(props.provider.oauth2Config?.tokenUrl || "");
         }
         // eslint-disable-next-line react-hooks/exhaustive-deps
     }, []);
@@ -579,7 +597,7 @@ export function GitIntegrationModal(
         setErrorMessage(undefined);
         validate();
         // eslint-disable-next-line react-hooks/exhaustive-deps
-    }, [clientId, clientSecret, type]);
+    }, [clientId, clientSecret, authorizationUrl, tokenUrl, type]);
 
     const onClose = () => props.onClose && props.onClose();
     const onUpdate = () => props.onUpdate && props.onUpdate();
@@ -595,6 +613,8 @@ export function GitIntegrationModal(
                     provider: {
                         clientId,
                         clientSecret,
+                        authorizationUrl,
+                        tokenUrl,
                         type,
                         host,
                         userId: props.userId,
@@ -606,6 +626,8 @@ export function GitIntegrationModal(
                         id: providerEntry?.id || "",
                         clientId,
                         clientSecret: clientSecret === "redacted" ? "" : clientSecret,
+                        authorizationUrl,
+                        tokenUrl,
                     },
                 });
             }
@@ -682,6 +704,12 @@ export function GitIntegrationModal(
     const updateClientSecret = (value: string) => {
         setClientSecret(value.trim());
     };
+    const updateAuthorizationUrl = (value: string) => {
+        setAuthorizationUrl(value.trim());
+    };
+    const updateTokenUrl = (value: string) => {
+        setTokenUrl(value.trim());
+    };
 
     const validate = () => {
         const errors: string[] = [];
@@ -691,6 +719,14 @@ export function GitIntegrationModal(
         if (clientSecret.trim().length === 0) {
             errors.push(`${type === AuthProviderType.GITLAB ? "Secret" : "Client Secret"} is missing.`);
         }
+        if (type === AuthProviderType.AZURE_DEVOPS) {
+            if (authorizationUrl.trim().length === 0) {
+                errors.push("Authorization URL is missing.");
+            }
+            if (tokenUrl.trim().length === 0) {
+                errors.push("Token URL is missing.");
+            }
+        }
         if (errors.length === 0) {
             setValidationError(undefined);
             return true;
@@ -701,6 +737,22 @@ export function GitIntegrationModal(
     };
 
     const getRedirectUrlDescription = (type: AuthProviderType, host: string) => {
+        if (type === AuthProviderType.AZURE_DEVOPS) {
+            return (
+                <span>
+                    Use this redirect URI to update the OAuth application and set it up.&nbsp;
+                    <a
+                        href="https://www.gitpod.io/docs/azure-devops-integration/#oauth-application"
+                        target="_blank"
+                        rel="noreferrer noopener"
+                        className="gp-link"
+                    >
+                        Learn more
+                    </a>
+                    .
+                </span>
+            );
+        }
         let settingsUrl = ``;
         switch (type) {
             case AuthProviderType.GITHUB:
@@ -759,6 +811,8 @@ export function GitIntegrationModal(
                 return "bitbucket.org";
             case AuthProviderType.BITBUCKET_SERVER:
                 return "bitbucket.example.com";
+            case AuthProviderType.AZURE_DEVOPS:
+                return "dev.azure.com";
             default:
                 return "";
         }
@@ -809,9 +863,11 @@ export function GitIntegrationModal(
                                 className="w-full"
                                 onChange={(e) => setType(getNumber(e.target.value))}
                             >
-                                <option value={AuthProviderType.GITHUB}>GitHub</option>
-                                <option value={AuthProviderType.GITLAB}>GitLab</option>
-                                <option value={AuthProviderType.BITBUCKET_SERVER}>Bitbucket Server</option>
+                                {availableProviderOptions.map((options) => (
+                                    <option key={options.type} value={options.type}>
+                                        {options.label}
+                                    </option>
+                                ))}
                             </select>
                         </div>
                     )}
@@ -849,6 +905,30 @@ export function GitIntegrationModal(
                         <InputWithCopy value={callbackUrl} tip="Copy the redirect URI to clipboard" />
                         <span className="text-gray-500 text-sm">{getRedirectUrlDescription(type, host)}</span>
                     </div>
+                    {type === AuthProviderType.AZURE_DEVOPS && (
+                        <>
+                            <div className="flex flex-col space-y-2">
+                                <label htmlFor="authorizationUrl" className="font-medium">{`Authorization URL`}</label>
+                                <input
+                                    name="Authorization URL"
+                                    type="text"
+                                    value={authorizationUrl}
+                                    className="w-full"
+                                    onChange={(e) => updateAuthorizationUrl(e.target.value)}
+                                />
+                            </div>
+                            <div className="flex flex-col space-y-2">
+                                <label htmlFor="tokenUrl" className="font-medium">{`Token URL`}</label>
+                                <input
+                                    name="Token URL"
+                                    type="text"
+                                    value={tokenUrl}
+                                    className="w-full"
+                                    onChange={(e) => updateTokenUrl(e.target.value)}
+                                />
+                            </div>
+                        </>
+                    )}
                     <div className="flex flex-col space-y-2">
                         <label htmlFor="clientId" className="font-medium">{`${
                             type === AuthProviderType.GITLAB ? "Application ID" : "Client ID"
diff --git a/components/gitpod-protocol/src/protocol.ts b/components/gitpod-protocol/src/protocol.ts
index 5e138830d3adb2..64f7cad9eacbe6 100644
--- a/components/gitpod-protocol/src/protocol.ts
+++ b/components/gitpod-protocol/src/protocol.ts
@@ -1404,16 +1404,30 @@ export interface OAuth2Config {
 }
 
 export namespace AuthProviderEntry {
-    export type Type = "GitHub" | "GitLab" | "Bitbucket" | "BitbucketServer" | string;
+    export type Type = "GitHub" | "GitLab" | "Bitbucket" | "BitbucketServer" | "AzureDevOps" | string;
     export type Status = "pending" | "verified";
+
+    /**
+     * Some auth providers require additional configuration like Azure DevOps.
+     */
+    export interface OAuth2CustomConfig {
+        /**
+         * The URL to the authorize endpoint of the provider.
+         */
+        authorizationUrl?: string;
+        /**
+         * The URL to the oauth token endpoint of the provider.
+         */
+        tokenUrl?: string;
+    }
     export type NewEntry = Pick<AuthProviderEntry, "ownerId" | "host" | "type"> & {
         clientId?: string;
         clientSecret?: string;
-    };
+    } & OAuth2CustomConfig;
     export type UpdateEntry = Pick<AuthProviderEntry, "id" | "ownerId"> & {
         clientId?: string;
         clientSecret?: string;
-    };
+    } & OAuth2CustomConfig;
     export type NewOrgEntry = NewEntry & {
         organizationId: string;
     };
@@ -1421,8 +1435,8 @@ export namespace AuthProviderEntry {
         clientId?: string;
         clientSecret?: string;
         organizationId: string;
-    };
-    export type UpdateOAuth2Config = Pick<OAuth2Config, "clientId" | "clientSecret">;
+    } & OAuth2CustomConfig;
+    export type UpdateOAuth2Config = Pick<OAuth2Config, "clientId" | "clientSecret"> & OAuth2CustomConfig;
     export function redact(entry: AuthProviderEntry): AuthProviderEntry {
         return {
             ...entry,
diff --git a/components/public-api/gitpod/v1/authprovider.proto b/components/public-api/gitpod/v1/authprovider.proto
index f6dfcb51283946..484493890e9ea0 100644
--- a/components/public-api/gitpod/v1/authprovider.proto
+++ b/components/public-api/gitpod/v1/authprovider.proto
@@ -82,6 +82,8 @@ message UpdateAuthProviderRequest {
   string auth_provider_id = 1;
   optional string client_id = 2;
   optional string client_secret = 3;
+  optional string authorization_url = 4;
+  optional string token_url = 5;
 }
 
 message UpdateAuthProviderResponse {
@@ -130,6 +132,8 @@ message AuthProvider {
 message OAuth2Config {
   string client_id = 1;
   string client_secret = 2;
+  string authorization_url = 3;
+  string token_url = 4;
 }
 
 enum AuthProviderType {
@@ -139,4 +143,5 @@ enum AuthProviderType {
   AUTH_PROVIDER_TYPE_GITLAB = 2;
   AUTH_PROVIDER_TYPE_BITBUCKET = 3;
   AUTH_PROVIDER_TYPE_BITBUCKET_SERVER = 4;
+  AUTH_PROVIDER_TYPE_AZURE_DEVOPS = 5;
 }
diff --git a/components/public-api/go/v1/authprovider.pb.go b/components/public-api/go/v1/authprovider.pb.go
index d7aaac8e73574c..27d7effd0856fc 100644
--- a/components/public-api/go/v1/authprovider.pb.go
+++ b/components/public-api/go/v1/authprovider.pb.go
@@ -33,6 +33,7 @@ const (
 	AuthProviderType_AUTH_PROVIDER_TYPE_GITLAB           AuthProviderType = 2
 	AuthProviderType_AUTH_PROVIDER_TYPE_BITBUCKET        AuthProviderType = 3
 	AuthProviderType_AUTH_PROVIDER_TYPE_BITBUCKET_SERVER AuthProviderType = 4
+	AuthProviderType_AUTH_PROVIDER_TYPE_AZURE_DEVOPS     AuthProviderType = 5
 )
 
 // Enum value maps for AuthProviderType.
@@ -43,6 +44,7 @@ var (
 		2: "AUTH_PROVIDER_TYPE_GITLAB",
 		3: "AUTH_PROVIDER_TYPE_BITBUCKET",
 		4: "AUTH_PROVIDER_TYPE_BITBUCKET_SERVER",
+		5: "AUTH_PROVIDER_TYPE_AZURE_DEVOPS",
 	}
 	AuthProviderType_value = map[string]int32{
 		"AUTH_PROVIDER_TYPE_UNSPECIFIED":      0,
@@ -50,6 +52,7 @@ var (
 		"AUTH_PROVIDER_TYPE_GITLAB":           2,
 		"AUTH_PROVIDER_TYPE_BITBUCKET":        3,
 		"AUTH_PROVIDER_TYPE_BITBUCKET_SERVER": 4,
+		"AUTH_PROVIDER_TYPE_AZURE_DEVOPS":     5,
 	}
 )
 
@@ -620,9 +623,11 @@ type UpdateAuthProviderRequest struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	AuthProviderId string  `protobuf:"bytes,1,opt,name=auth_provider_id,json=authProviderId,proto3" json:"auth_provider_id,omitempty"`
-	ClientId       *string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3,oneof" json:"client_id,omitempty"`
-	ClientSecret   *string `protobuf:"bytes,3,opt,name=client_secret,json=clientSecret,proto3,oneof" json:"client_secret,omitempty"`
+	AuthProviderId   string  `protobuf:"bytes,1,opt,name=auth_provider_id,json=authProviderId,proto3" json:"auth_provider_id,omitempty"`
+	ClientId         *string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3,oneof" json:"client_id,omitempty"`
+	ClientSecret     *string `protobuf:"bytes,3,opt,name=client_secret,json=clientSecret,proto3,oneof" json:"client_secret,omitempty"`
+	AuthorizationUrl *string `protobuf:"bytes,4,opt,name=authorization_url,json=authorizationUrl,proto3,oneof" json:"authorization_url,omitempty"`
+	TokenUrl         *string `protobuf:"bytes,5,opt,name=token_url,json=tokenUrl,proto3,oneof" json:"token_url,omitempty"`
 }
 
 func (x *UpdateAuthProviderRequest) Reset() {
@@ -678,6 +683,20 @@ func (x *UpdateAuthProviderRequest) GetClientSecret() string {
 	return ""
 }
 
+func (x *UpdateAuthProviderRequest) GetAuthorizationUrl() string {
+	if x != nil && x.AuthorizationUrl != nil {
+		return *x.AuthorizationUrl
+	}
+	return ""
+}
+
+func (x *UpdateAuthProviderRequest) GetTokenUrl() string {
+	if x != nil && x.TokenUrl != nil {
+		return *x.TokenUrl
+	}
+	return ""
+}
+
 type UpdateAuthProviderResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -1055,8 +1074,10 @@ type OAuth2Config struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	ClientId     string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
-	ClientSecret string `protobuf:"bytes,2,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
+	ClientId         string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
+	ClientSecret     string `protobuf:"bytes,2,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
+	AuthorizationUrl string `protobuf:"bytes,3,opt,name=authorization_url,json=authorizationUrl,proto3" json:"authorization_url,omitempty"`
+	TokenUrl         string `protobuf:"bytes,4,opt,name=token_url,json=tokenUrl,proto3" json:"token_url,omitempty"`
 }
 
 func (x *OAuth2Config) Reset() {
@@ -1105,6 +1126,20 @@ func (x *OAuth2Config) GetClientSecret() string {
 	return ""
 }
 
+func (x *OAuth2Config) GetAuthorizationUrl() string {
+	if x != nil {
+		return x.AuthorizationUrl
+	}
+	return ""
+}
+
+func (x *OAuth2Config) GetTokenUrl() string {
+	if x != nil {
+		return x.TokenUrl
+	}
+	return ""
+}
+
 var File_gitpod_v1_authprovider_proto protoreflect.FileDescriptor
 
 var file_gitpod_v1_authprovider_proto_rawDesc = []byte{
@@ -1185,7 +1220,7 @@ var file_gitpod_v1_authprovider_proto_rawDesc = []byte{
 	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x69,
 	0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69,
 	0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0a, 0x70, 0x61, 0x67, 0x69,
-	0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xb1, 0x01, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74,
+	0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xa9, 0x02, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74,
 	0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71,
 	0x75, 0x65, 0x73, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f,
 	0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e,
@@ -1194,121 +1229,136 @@ var file_gitpod_v1_authprovider_proto_rawDesc = []byte{
 	0x09, 0x48, 0x00, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x88, 0x01, 0x01,
 	0x12, 0x28, 0x0a, 0x0d, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65,
 	0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e,
-	0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x88, 0x01, 0x01, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x63,
-	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x6c, 0x69,
-	0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x22, 0x5a, 0x0a, 0x1a, 0x55, 0x70,
-	0x64, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3c, 0x0a, 0x0d, 0x61, 0x75, 0x74, 0x68,
-	0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x17, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68,
-	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x50, 0x72,
-	0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x22, 0x45, 0x0a, 0x19, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65,
-	0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76,
-	0x69, 0x64, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61,
-	0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x64, 0x22, 0x1c, 0x0a,
-	0x1a, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69,
-	0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xa4, 0x01, 0x0a, 0x17,
+	0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x88, 0x01, 0x01, 0x12, 0x30, 0x0a, 0x11, 0x61, 0x75,
+	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x6c, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x02, 0x52, 0x10, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
+	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x6c, 0x88, 0x01, 0x01, 0x12, 0x20, 0x0a, 0x09,
+	0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x48,
+	0x03, 0x52, 0x08, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x55, 0x72, 0x6c, 0x88, 0x01, 0x01, 0x42, 0x0c,
+	0x0a, 0x0a, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x42, 0x10, 0x0a, 0x0e,
+	0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x42, 0x14,
+	0x0a, 0x12, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x5f, 0x75, 0x72, 0x6c, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x75,
+	0x72, 0x6c, 0x22, 0x5a, 0x0a, 0x1a, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68,
+	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x12, 0x3c, 0x0a, 0x0d, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65,
+	0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64,
+	0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72,
+	0x52, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x22, 0x45,
+	0x0a, 0x19, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76,
+	0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x61,
+	0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69,
+	0x64, 0x65, 0x72, 0x49, 0x64, 0x22, 0x1c, 0x0a, 0x1a, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41,
+	0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0xa4, 0x01, 0x0a, 0x17, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76,
+	0x69, 0x64, 0x65, 0x72, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12,
+	0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12,
+	0x2f, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1b, 0x2e,
+	0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72,
+	0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65,
+	0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x68, 0x6f, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xa2, 0x03, 0x0a, 0x0c, 0x41,
+	0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69,
+	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x08, 0x6f,
+	0x77, 0x6e, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52,
+	0x07, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x49, 0x64, 0x12, 0x29, 0x0a, 0x0f, 0x6f, 0x72, 0x67, 0x61,
+	0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x09, 0x48, 0x00, 0x52, 0x0e, 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x49, 0x64, 0x12, 0x2f, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x0e, 0x32, 0x1b, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75,
+	0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04,
+	0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x05, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, 0x6f, 0x6e,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b,
+	0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x21,
+	0x0a, 0x0c, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x08,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x55, 0x72,
+	0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x18, 0x09, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x08, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x12, 0x21, 0x0a,
+	0x0c, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x0a, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x0b, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x4c, 0x6f, 0x67, 0x69, 0x6e,
+	0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x09,
+	0x52, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x3c, 0x0a, 0x0d, 0x6f, 0x61, 0x75, 0x74,
+	0x68, 0x32, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x17, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x41, 0x75, 0x74,
+	0x68, 0x32, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x07, 0x0a, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x22,
+	0x9a, 0x01, 0x0a, 0x0c, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x23, 0x0a,
+	0x0d, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72,
+	0x65, 0x74, 0x12, 0x2b, 0x0a, 0x11, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x61,
+	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x6c, 0x12,
+	0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x08, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x55, 0x72, 0x6c, 0x2a, 0xe4, 0x01, 0x0a,
+	0x10, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70,
+	0x65, 0x12, 0x22, 0x0a, 0x1e, 0x41, 0x55, 0x54, 0x48, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44,
+	0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46,
+	0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x41, 0x55, 0x54, 0x48, 0x5f, 0x50, 0x52,
+	0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x49, 0x54, 0x48,
+	0x55, 0x42, 0x10, 0x01, 0x12, 0x1d, 0x0a, 0x19, 0x41, 0x55, 0x54, 0x48, 0x5f, 0x50, 0x52, 0x4f,
+	0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x49, 0x54, 0x4c, 0x41,
+	0x42, 0x10, 0x02, 0x12, 0x20, 0x0a, 0x1c, 0x41, 0x55, 0x54, 0x48, 0x5f, 0x50, 0x52, 0x4f, 0x56,
+	0x49, 0x44, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x49, 0x54, 0x42, 0x55, 0x43,
+	0x4b, 0x45, 0x54, 0x10, 0x03, 0x12, 0x27, 0x0a, 0x23, 0x41, 0x55, 0x54, 0x48, 0x5f, 0x50, 0x52,
+	0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x49, 0x54, 0x42,
+	0x55, 0x43, 0x4b, 0x45, 0x54, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x04, 0x12, 0x23,
+	0x0a, 0x1f, 0x41, 0x55, 0x54, 0x48, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f,
+	0x54, 0x59, 0x50, 0x45, 0x5f, 0x41, 0x5a, 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x56, 0x4f, 0x50,
+	0x53, 0x10, 0x05, 0x32, 0x86, 0x05, 0x0a, 0x13, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76,
+	0x69, 0x64, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x63, 0x0a, 0x12, 0x43,
+	0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65,
+	0x72, 0x12, 0x24, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72,
+	0x65, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64,
+	0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72,
+	0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
+	0x12, 0x5a, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69,
+	0x64, 0x65, 0x72, 0x12, 0x21, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e,
+	0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e,
+	0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
+	0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x60, 0x0a, 0x11,
+	0x4c, 0x69, 0x73, 0x74, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72,
+	0x73, 0x12, 0x23, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69,
+	0x73, 0x74, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e,
+	0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69,
+	0x64, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x81,
+	0x01, 0x0a, 0x1c, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69,
+	0x64, 0x65, 0x72, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
+	0x2e, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74,
 	0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x44, 0x65, 0x73, 0x63,
-	0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2f, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1b, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76,
-	0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79,
-	0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74,
-	0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04,
-	0x69, 0x63, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x69, 0x63, 0x6f, 0x6e,
-	0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18,
-	0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x22, 0xa2, 0x03, 0x0a, 0x0c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69,
-	0x64, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x08, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x07, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x49, 0x64,
-	0x12, 0x29, 0x0a, 0x0f, 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0e, 0x6f, 0x72, 0x67,
-	0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x2f, 0x0a, 0x04, 0x74,
-	0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1b, 0x2e, 0x67, 0x69, 0x74, 0x70,
-	0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
-	0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04,
-	0x68, 0x6f, 0x73, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74,
-	0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x69, 0x63, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72,
-	0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e,
-	0x67, 0x73, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65,
-	0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x55, 0x72, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x76, 0x65, 0x72,
-	0x69, 0x66, 0x69, 0x65, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x76, 0x65, 0x72,
-	0x69, 0x66, 0x69, 0x65, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f,
-	0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x65, 0x6e, 0x61,
-	0x62, 0x6c, 0x65, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x6f, 0x70,
-	0x65, 0x73, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73,
-	0x12, 0x3c, 0x0a, 0x0d, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64,
-	0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x41, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x52, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x07,
-	0x0a, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x22, 0x50, 0x0a, 0x0c, 0x4f, 0x41, 0x75, 0x74, 0x68,
-	0x32, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e,
-	0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65,
-	0x6e, 0x74, 0x49, 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73,
-	0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x6c, 0x69,
-	0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x2a, 0xbf, 0x01, 0x0a, 0x10, 0x41, 0x75,
-	0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x22,
-	0x0a, 0x1e, 0x41, 0x55, 0x54, 0x48, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f,
-	0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44,
-	0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x41, 0x55, 0x54, 0x48, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49,
-	0x44, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x49, 0x54, 0x48, 0x55, 0x42, 0x10,
-	0x01, 0x12, 0x1d, 0x0a, 0x19, 0x41, 0x55, 0x54, 0x48, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44,
-	0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x49, 0x54, 0x4c, 0x41, 0x42, 0x10, 0x02,
-	0x12, 0x20, 0x0a, 0x1c, 0x41, 0x55, 0x54, 0x48, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44, 0x45,
-	0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x49, 0x54, 0x42, 0x55, 0x43, 0x4b, 0x45, 0x54,
-	0x10, 0x03, 0x12, 0x27, 0x0a, 0x23, 0x41, 0x55, 0x54, 0x48, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49,
-	0x44, 0x45, 0x52, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x49, 0x54, 0x42, 0x55, 0x43, 0x4b,
-	0x45, 0x54, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x04, 0x32, 0x86, 0x05, 0x0a, 0x13,
-	0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76,
-	0x69, 0x63, 0x65, 0x12, 0x63, 0x0a, 0x12, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74,
-	0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x24, 0x2e, 0x67, 0x69, 0x74, 0x70,
-	0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68,
-	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x25, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61,
-	0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x5a, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x41,
-	0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x21, 0x2e, 0x67, 0x69,
-	0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x50,
-	0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22,
-	0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75,
-	0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x22, 0x00, 0x12, 0x60, 0x0a, 0x11, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x75, 0x74, 0x68,
-	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x23, 0x2e, 0x67, 0x69, 0x74, 0x70,
-	0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72,
-	0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24,
-	0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41,
-	0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x81, 0x01, 0x0a, 0x1c, 0x4c, 0x69, 0x73, 0x74, 0x41,
-	0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x44, 0x65, 0x73, 0x63, 0x72,
-	0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2e, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64,
-	0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76,
-	0x69, 0x64, 0x65, 0x72, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64,
-	0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76,
-	0x69, 0x64, 0x65, 0x72, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x63, 0x0a, 0x12, 0x55, 0x70,
-	0x64, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72,
-	0x12, 0x24, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64,
-	0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e,
-	0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f,
-	0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12,
-	0x63, 0x0a, 0x12, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f,
-	0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x24, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76,
-	0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76,
-	0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67, 0x69,
-	0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x75,
-	0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x22, 0x00, 0x42, 0x51, 0x0a, 0x16, 0x69, 0x6f, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f,
-	0x64, 0x2e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x5a, 0x37,
-	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x69, 0x74, 0x70, 0x6f,
-	0x64, 0x2d, 0x69, 0x6f, 0x2f, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2f, 0x63, 0x6f, 0x6d, 0x70,
-	0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, 0x2f, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2d, 0x61, 0x70,
-	0x69, 0x2f, 0x67, 0x6f, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x2f, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74,
+	0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x22, 0x00, 0x12, 0x63, 0x0a, 0x12, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68,
+	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x24, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f,
+	0x64, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50,
+	0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25,
+	0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74,
+	0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x63, 0x0a, 0x12, 0x44, 0x65, 0x6c, 0x65, 0x74,
+	0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x24, 0x2e,
+	0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65,
+	0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x76, 0x31, 0x2e,
+	0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
+	0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x51, 0x0a, 0x16,
+	0x69, 0x6f, 0x2e, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63,
+	0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
+	0x6f, 0x6d, 0x2f, 0x67, 0x69, 0x74, 0x70, 0x6f, 0x64, 0x2d, 0x69, 0x6f, 0x2f, 0x67, 0x69, 0x74,
+	0x70, 0x6f, 0x64, 0x2f, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, 0x2f, 0x70,
+	0x75, 0x62, 0x6c, 0x69, 0x63, 0x2d, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x6f, 0x2f, 0x76, 0x31, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/components/public-api/java/src/main/java/io/gitpod/publicapi/v1/Authprovider.java b/components/public-api/java/src/main/java/io/gitpod/publicapi/v1/Authprovider.java
index c872927d70ce3a..d85ebb3351cb7a 100644
--- a/components/public-api/java/src/main/java/io/gitpod/publicapi/v1/Authprovider.java
+++ b/components/public-api/java/src/main/java/io/gitpod/publicapi/v1/Authprovider.java
@@ -58,6 +58,10 @@ public enum AuthProviderType
      * <code>AUTH_PROVIDER_TYPE_BITBUCKET_SERVER = 4;</code>
      */
     AUTH_PROVIDER_TYPE_BITBUCKET_SERVER(4),
+    /**
+     * <code>AUTH_PROVIDER_TYPE_AZURE_DEVOPS = 5;</code>
+     */
+    AUTH_PROVIDER_TYPE_AZURE_DEVOPS(5),
     UNRECOGNIZED(-1),
     ;
 
@@ -94,6 +98,10 @@ public enum AuthProviderType
      * <code>AUTH_PROVIDER_TYPE_BITBUCKET_SERVER = 4;</code>
      */
     public static final int AUTH_PROVIDER_TYPE_BITBUCKET_SERVER_VALUE = 4;
+    /**
+     * <code>AUTH_PROVIDER_TYPE_AZURE_DEVOPS = 5;</code>
+     */
+    public static final int AUTH_PROVIDER_TYPE_AZURE_DEVOPS_VALUE = 5;
 
 
     public final int getNumber() {
@@ -125,6 +133,7 @@ public static AuthProviderType forNumber(int value) {
         case 2: return AUTH_PROVIDER_TYPE_GITLAB;
         case 3: return AUTH_PROVIDER_TYPE_BITBUCKET;
         case 4: return AUTH_PROVIDER_TYPE_BITBUCKET_SERVER;
+        case 5: return AUTH_PROVIDER_TYPE_AZURE_DEVOPS;
         default: return null;
       }
     }
@@ -7112,6 +7121,40 @@ public interface UpdateAuthProviderRequestOrBuilder extends
      */
     com.google.protobuf.ByteString
         getClientSecretBytes();
+
+    /**
+     * <code>optional string authorization_url = 4 [json_name = "authorizationUrl"];</code>
+     * @return Whether the authorizationUrl field is set.
+     */
+    boolean hasAuthorizationUrl();
+    /**
+     * <code>optional string authorization_url = 4 [json_name = "authorizationUrl"];</code>
+     * @return The authorizationUrl.
+     */
+    java.lang.String getAuthorizationUrl();
+    /**
+     * <code>optional string authorization_url = 4 [json_name = "authorizationUrl"];</code>
+     * @return The bytes for authorizationUrl.
+     */
+    com.google.protobuf.ByteString
+        getAuthorizationUrlBytes();
+
+    /**
+     * <code>optional string token_url = 5 [json_name = "tokenUrl"];</code>
+     * @return Whether the tokenUrl field is set.
+     */
+    boolean hasTokenUrl();
+    /**
+     * <code>optional string token_url = 5 [json_name = "tokenUrl"];</code>
+     * @return The tokenUrl.
+     */
+    java.lang.String getTokenUrl();
+    /**
+     * <code>optional string token_url = 5 [json_name = "tokenUrl"];</code>
+     * @return The bytes for tokenUrl.
+     */
+    com.google.protobuf.ByteString
+        getTokenUrlBytes();
   }
   /**
    * Protobuf type {@code gitpod.v1.UpdateAuthProviderRequest}
@@ -7138,6 +7181,8 @@ private UpdateAuthProviderRequest() {
       authProviderId_ = "";
       clientId_ = "";
       clientSecret_ = "";
+      authorizationUrl_ = "";
+      tokenUrl_ = "";
     }
 
     public static final com.google.protobuf.Descriptors.Descriptor
@@ -7287,6 +7332,100 @@ public java.lang.String getClientSecret() {
       }
     }
 
+    public static final int AUTHORIZATION_URL_FIELD_NUMBER = 4;
+    @SuppressWarnings("serial")
+    private volatile java.lang.Object authorizationUrl_ = "";
+    /**
+     * <code>optional string authorization_url = 4 [json_name = "authorizationUrl"];</code>
+     * @return Whether the authorizationUrl field is set.
+     */
+    @java.lang.Override
+    public boolean hasAuthorizationUrl() {
+      return ((bitField0_ & 0x00000004) != 0);
+    }
+    /**
+     * <code>optional string authorization_url = 4 [json_name = "authorizationUrl"];</code>
+     * @return The authorizationUrl.
+     */
+    @java.lang.Override
+    public java.lang.String getAuthorizationUrl() {
+      java.lang.Object ref = authorizationUrl_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs =
+            (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        authorizationUrl_ = s;
+        return s;
+      }
+    }
+    /**
+     * <code>optional string authorization_url = 4 [json_name = "authorizationUrl"];</code>
+     * @return The bytes for authorizationUrl.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString
+        getAuthorizationUrlBytes() {
+      java.lang.Object ref = authorizationUrl_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8(
+                (java.lang.String) ref);
+        authorizationUrl_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int TOKEN_URL_FIELD_NUMBER = 5;
+    @SuppressWarnings("serial")
+    private volatile java.lang.Object tokenUrl_ = "";
+    /**
+     * <code>optional string token_url = 5 [json_name = "tokenUrl"];</code>
+     * @return Whether the tokenUrl field is set.
+     */
+    @java.lang.Override
+    public boolean hasTokenUrl() {
+      return ((bitField0_ & 0x00000008) != 0);
+    }
+    /**
+     * <code>optional string token_url = 5 [json_name = "tokenUrl"];</code>
+     * @return The tokenUrl.
+     */
+    @java.lang.Override
+    public java.lang.String getTokenUrl() {
+      java.lang.Object ref = tokenUrl_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs =
+            (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        tokenUrl_ = s;
+        return s;
+      }
+    }
+    /**
+     * <code>optional string token_url = 5 [json_name = "tokenUrl"];</code>
+     * @return The bytes for tokenUrl.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString
+        getTokenUrlBytes() {
+      java.lang.Object ref = tokenUrl_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8(
+                (java.lang.String) ref);
+        tokenUrl_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
     private byte memoizedIsInitialized = -1;
     @java.lang.Override
     public final boolean isInitialized() {
@@ -7310,6 +7449,12 @@ public void writeTo(com.google.protobuf.CodedOutputStream output)
       if (((bitField0_ & 0x00000002) != 0)) {
         com.google.protobuf.GeneratedMessage.writeString(output, 3, clientSecret_);
       }
+      if (((bitField0_ & 0x00000004) != 0)) {
+        com.google.protobuf.GeneratedMessage.writeString(output, 4, authorizationUrl_);
+      }
+      if (((bitField0_ & 0x00000008) != 0)) {
+        com.google.protobuf.GeneratedMessage.writeString(output, 5, tokenUrl_);
+      }
       getUnknownFields().writeTo(output);
     }
 
@@ -7328,6 +7473,12 @@ public int getSerializedSize() {
       if (((bitField0_ & 0x00000002) != 0)) {
         size += com.google.protobuf.GeneratedMessage.computeStringSize(3, clientSecret_);
       }
+      if (((bitField0_ & 0x00000004) != 0)) {
+        size += com.google.protobuf.GeneratedMessage.computeStringSize(4, authorizationUrl_);
+      }
+      if (((bitField0_ & 0x00000008) != 0)) {
+        size += com.google.protobuf.GeneratedMessage.computeStringSize(5, tokenUrl_);
+      }
       size += getUnknownFields().getSerializedSize();
       memoizedSize = size;
       return size;
@@ -7355,6 +7506,16 @@ public boolean equals(final java.lang.Object obj) {
         if (!getClientSecret()
             .equals(other.getClientSecret())) return false;
       }
+      if (hasAuthorizationUrl() != other.hasAuthorizationUrl()) return false;
+      if (hasAuthorizationUrl()) {
+        if (!getAuthorizationUrl()
+            .equals(other.getAuthorizationUrl())) return false;
+      }
+      if (hasTokenUrl() != other.hasTokenUrl()) return false;
+      if (hasTokenUrl()) {
+        if (!getTokenUrl()
+            .equals(other.getTokenUrl())) return false;
+      }
       if (!getUnknownFields().equals(other.getUnknownFields())) return false;
       return true;
     }
@@ -7376,6 +7537,14 @@ public int hashCode() {
         hash = (37 * hash) + CLIENT_SECRET_FIELD_NUMBER;
         hash = (53 * hash) + getClientSecret().hashCode();
       }
+      if (hasAuthorizationUrl()) {
+        hash = (37 * hash) + AUTHORIZATION_URL_FIELD_NUMBER;
+        hash = (53 * hash) + getAuthorizationUrl().hashCode();
+      }
+      if (hasTokenUrl()) {
+        hash = (37 * hash) + TOKEN_URL_FIELD_NUMBER;
+        hash = (53 * hash) + getTokenUrl().hashCode();
+      }
       hash = (29 * hash) + getUnknownFields().hashCode();
       memoizedHashCode = hash;
       return hash;
@@ -7510,6 +7679,8 @@ public Builder clear() {
         authProviderId_ = "";
         clientId_ = "";
         clientSecret_ = "";
+        authorizationUrl_ = "";
+        tokenUrl_ = "";
         return this;
       }
 
@@ -7555,6 +7726,14 @@ private void buildPartial0(io.gitpod.publicapi.v1.Authprovider.UpdateAuthProvide
           result.clientSecret_ = clientSecret_;
           to_bitField0_ |= 0x00000002;
         }
+        if (((from_bitField0_ & 0x00000008) != 0)) {
+          result.authorizationUrl_ = authorizationUrl_;
+          to_bitField0_ |= 0x00000004;
+        }
+        if (((from_bitField0_ & 0x00000010) != 0)) {
+          result.tokenUrl_ = tokenUrl_;
+          to_bitField0_ |= 0x00000008;
+        }
         result.bitField0_ |= to_bitField0_;
       }
 
@@ -7585,6 +7764,16 @@ public Builder mergeFrom(io.gitpod.publicapi.v1.Authprovider.UpdateAuthProviderR
           bitField0_ |= 0x00000004;
           onChanged();
         }
+        if (other.hasAuthorizationUrl()) {
+          authorizationUrl_ = other.authorizationUrl_;
+          bitField0_ |= 0x00000008;
+          onChanged();
+        }
+        if (other.hasTokenUrl()) {
+          tokenUrl_ = other.tokenUrl_;
+          bitField0_ |= 0x00000010;
+          onChanged();
+        }
         this.mergeUnknownFields(other.getUnknownFields());
         onChanged();
         return this;
@@ -7626,6 +7815,16 @@ public Builder mergeFrom(
                 bitField0_ |= 0x00000004;
                 break;
               } // case 26
+              case 34: {
+                authorizationUrl_ = input.readStringRequireUtf8();
+                bitField0_ |= 0x00000008;
+                break;
+              } // case 34
+              case 42: {
+                tokenUrl_ = input.readStringRequireUtf8();
+                bitField0_ |= 0x00000010;
+                break;
+              } // case 42
               default: {
                 if (!super.parseUnknownField(input, extensionRegistry, tag)) {
                   done = true; // was an endgroup tag
@@ -7873,6 +8072,164 @@ public Builder setClientSecretBytes(
         return this;
       }
 
+      private java.lang.Object authorizationUrl_ = "";
+      /**
+       * <code>optional string authorization_url = 4 [json_name = "authorizationUrl"];</code>
+       * @return Whether the authorizationUrl field is set.
+       */
+      public boolean hasAuthorizationUrl() {
+        return ((bitField0_ & 0x00000008) != 0);
+      }
+      /**
+       * <code>optional string authorization_url = 4 [json_name = "authorizationUrl"];</code>
+       * @return The authorizationUrl.
+       */
+      public java.lang.String getAuthorizationUrl() {
+        java.lang.Object ref = authorizationUrl_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs =
+              (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          authorizationUrl_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       * <code>optional string authorization_url = 4 [json_name = "authorizationUrl"];</code>
+       * @return The bytes for authorizationUrl.
+       */
+      public com.google.protobuf.ByteString
+          getAuthorizationUrlBytes() {
+        java.lang.Object ref = authorizationUrl_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8(
+                  (java.lang.String) ref);
+          authorizationUrl_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       * <code>optional string authorization_url = 4 [json_name = "authorizationUrl"];</code>
+       * @param value The authorizationUrl to set.
+       * @return This builder for chaining.
+       */
+      public Builder setAuthorizationUrl(
+          java.lang.String value) {
+        if (value == null) { throw new NullPointerException(); }
+        authorizationUrl_ = value;
+        bitField0_ |= 0x00000008;
+        onChanged();
+        return this;
+      }
+      /**
+       * <code>optional string authorization_url = 4 [json_name = "authorizationUrl"];</code>
+       * @return This builder for chaining.
+       */
+      public Builder clearAuthorizationUrl() {
+        authorizationUrl_ = getDefaultInstance().getAuthorizationUrl();
+        bitField0_ = (bitField0_ & ~0x00000008);
+        onChanged();
+        return this;
+      }
+      /**
+       * <code>optional string authorization_url = 4 [json_name = "authorizationUrl"];</code>
+       * @param value The bytes for authorizationUrl to set.
+       * @return This builder for chaining.
+       */
+      public Builder setAuthorizationUrlBytes(
+          com.google.protobuf.ByteString value) {
+        if (value == null) { throw new NullPointerException(); }
+        checkByteStringIsUtf8(value);
+        authorizationUrl_ = value;
+        bitField0_ |= 0x00000008;
+        onChanged();
+        return this;
+      }
+
+      private java.lang.Object tokenUrl_ = "";
+      /**
+       * <code>optional string token_url = 5 [json_name = "tokenUrl"];</code>
+       * @return Whether the tokenUrl field is set.
+       */
+      public boolean hasTokenUrl() {
+        return ((bitField0_ & 0x00000010) != 0);
+      }
+      /**
+       * <code>optional string token_url = 5 [json_name = "tokenUrl"];</code>
+       * @return The tokenUrl.
+       */
+      public java.lang.String getTokenUrl() {
+        java.lang.Object ref = tokenUrl_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs =
+              (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          tokenUrl_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       * <code>optional string token_url = 5 [json_name = "tokenUrl"];</code>
+       * @return The bytes for tokenUrl.
+       */
+      public com.google.protobuf.ByteString
+          getTokenUrlBytes() {
+        java.lang.Object ref = tokenUrl_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8(
+                  (java.lang.String) ref);
+          tokenUrl_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       * <code>optional string token_url = 5 [json_name = "tokenUrl"];</code>
+       * @param value The tokenUrl to set.
+       * @return This builder for chaining.
+       */
+      public Builder setTokenUrl(
+          java.lang.String value) {
+        if (value == null) { throw new NullPointerException(); }
+        tokenUrl_ = value;
+        bitField0_ |= 0x00000010;
+        onChanged();
+        return this;
+      }
+      /**
+       * <code>optional string token_url = 5 [json_name = "tokenUrl"];</code>
+       * @return This builder for chaining.
+       */
+      public Builder clearTokenUrl() {
+        tokenUrl_ = getDefaultInstance().getTokenUrl();
+        bitField0_ = (bitField0_ & ~0x00000010);
+        onChanged();
+        return this;
+      }
+      /**
+       * <code>optional string token_url = 5 [json_name = "tokenUrl"];</code>
+       * @param value The bytes for tokenUrl to set.
+       * @return This builder for chaining.
+       */
+      public Builder setTokenUrlBytes(
+          com.google.protobuf.ByteString value) {
+        if (value == null) { throw new NullPointerException(); }
+        checkByteStringIsUtf8(value);
+        tokenUrl_ = value;
+        bitField0_ |= 0x00000010;
+        onChanged();
+        return this;
+      }
+
       // @@protoc_insertion_point(builder_scope:gitpod.v1.UpdateAuthProviderRequest)
     }
 
@@ -12677,6 +13034,30 @@ public interface OAuth2ConfigOrBuilder extends
      */
     com.google.protobuf.ByteString
         getClientSecretBytes();
+
+    /**
+     * <code>string authorization_url = 3 [json_name = "authorizationUrl"];</code>
+     * @return The authorizationUrl.
+     */
+    java.lang.String getAuthorizationUrl();
+    /**
+     * <code>string authorization_url = 3 [json_name = "authorizationUrl"];</code>
+     * @return The bytes for authorizationUrl.
+     */
+    com.google.protobuf.ByteString
+        getAuthorizationUrlBytes();
+
+    /**
+     * <code>string token_url = 4 [json_name = "tokenUrl"];</code>
+     * @return The tokenUrl.
+     */
+    java.lang.String getTokenUrl();
+    /**
+     * <code>string token_url = 4 [json_name = "tokenUrl"];</code>
+     * @return The bytes for tokenUrl.
+     */
+    com.google.protobuf.ByteString
+        getTokenUrlBytes();
   }
   /**
    * Protobuf type {@code gitpod.v1.OAuth2Config}
@@ -12702,6 +13083,8 @@ private OAuth2Config(com.google.protobuf.GeneratedMessage.Builder<?> builder) {
     private OAuth2Config() {
       clientId_ = "";
       clientSecret_ = "";
+      authorizationUrl_ = "";
+      tokenUrl_ = "";
     }
 
     public static final com.google.protobuf.Descriptors.Descriptor
@@ -12795,6 +13178,84 @@ public java.lang.String getClientSecret() {
       }
     }
 
+    public static final int AUTHORIZATION_URL_FIELD_NUMBER = 3;
+    @SuppressWarnings("serial")
+    private volatile java.lang.Object authorizationUrl_ = "";
+    /**
+     * <code>string authorization_url = 3 [json_name = "authorizationUrl"];</code>
+     * @return The authorizationUrl.
+     */
+    @java.lang.Override
+    public java.lang.String getAuthorizationUrl() {
+      java.lang.Object ref = authorizationUrl_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs =
+            (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        authorizationUrl_ = s;
+        return s;
+      }
+    }
+    /**
+     * <code>string authorization_url = 3 [json_name = "authorizationUrl"];</code>
+     * @return The bytes for authorizationUrl.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString
+        getAuthorizationUrlBytes() {
+      java.lang.Object ref = authorizationUrl_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8(
+                (java.lang.String) ref);
+        authorizationUrl_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int TOKEN_URL_FIELD_NUMBER = 4;
+    @SuppressWarnings("serial")
+    private volatile java.lang.Object tokenUrl_ = "";
+    /**
+     * <code>string token_url = 4 [json_name = "tokenUrl"];</code>
+     * @return The tokenUrl.
+     */
+    @java.lang.Override
+    public java.lang.String getTokenUrl() {
+      java.lang.Object ref = tokenUrl_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs =
+            (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        tokenUrl_ = s;
+        return s;
+      }
+    }
+    /**
+     * <code>string token_url = 4 [json_name = "tokenUrl"];</code>
+     * @return The bytes for tokenUrl.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString
+        getTokenUrlBytes() {
+      java.lang.Object ref = tokenUrl_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8(
+                (java.lang.String) ref);
+        tokenUrl_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
     private byte memoizedIsInitialized = -1;
     @java.lang.Override
     public final boolean isInitialized() {
@@ -12815,6 +13276,12 @@ public void writeTo(com.google.protobuf.CodedOutputStream output)
       if (!com.google.protobuf.GeneratedMessage.isStringEmpty(clientSecret_)) {
         com.google.protobuf.GeneratedMessage.writeString(output, 2, clientSecret_);
       }
+      if (!com.google.protobuf.GeneratedMessage.isStringEmpty(authorizationUrl_)) {
+        com.google.protobuf.GeneratedMessage.writeString(output, 3, authorizationUrl_);
+      }
+      if (!com.google.protobuf.GeneratedMessage.isStringEmpty(tokenUrl_)) {
+        com.google.protobuf.GeneratedMessage.writeString(output, 4, tokenUrl_);
+      }
       getUnknownFields().writeTo(output);
     }
 
@@ -12830,6 +13297,12 @@ public int getSerializedSize() {
       if (!com.google.protobuf.GeneratedMessage.isStringEmpty(clientSecret_)) {
         size += com.google.protobuf.GeneratedMessage.computeStringSize(2, clientSecret_);
       }
+      if (!com.google.protobuf.GeneratedMessage.isStringEmpty(authorizationUrl_)) {
+        size += com.google.protobuf.GeneratedMessage.computeStringSize(3, authorizationUrl_);
+      }
+      if (!com.google.protobuf.GeneratedMessage.isStringEmpty(tokenUrl_)) {
+        size += com.google.protobuf.GeneratedMessage.computeStringSize(4, tokenUrl_);
+      }
       size += getUnknownFields().getSerializedSize();
       memoizedSize = size;
       return size;
@@ -12849,6 +13322,10 @@ public boolean equals(final java.lang.Object obj) {
           .equals(other.getClientId())) return false;
       if (!getClientSecret()
           .equals(other.getClientSecret())) return false;
+      if (!getAuthorizationUrl()
+          .equals(other.getAuthorizationUrl())) return false;
+      if (!getTokenUrl()
+          .equals(other.getTokenUrl())) return false;
       if (!getUnknownFields().equals(other.getUnknownFields())) return false;
       return true;
     }
@@ -12864,6 +13341,10 @@ public int hashCode() {
       hash = (53 * hash) + getClientId().hashCode();
       hash = (37 * hash) + CLIENT_SECRET_FIELD_NUMBER;
       hash = (53 * hash) + getClientSecret().hashCode();
+      hash = (37 * hash) + AUTHORIZATION_URL_FIELD_NUMBER;
+      hash = (53 * hash) + getAuthorizationUrl().hashCode();
+      hash = (37 * hash) + TOKEN_URL_FIELD_NUMBER;
+      hash = (53 * hash) + getTokenUrl().hashCode();
       hash = (29 * hash) + getUnknownFields().hashCode();
       memoizedHashCode = hash;
       return hash;
@@ -12997,6 +13478,8 @@ public Builder clear() {
         bitField0_ = 0;
         clientId_ = "";
         clientSecret_ = "";
+        authorizationUrl_ = "";
+        tokenUrl_ = "";
         return this;
       }
 
@@ -13036,6 +13519,12 @@ private void buildPartial0(io.gitpod.publicapi.v1.Authprovider.OAuth2Config resu
         if (((from_bitField0_ & 0x00000002) != 0)) {
           result.clientSecret_ = clientSecret_;
         }
+        if (((from_bitField0_ & 0x00000004) != 0)) {
+          result.authorizationUrl_ = authorizationUrl_;
+        }
+        if (((from_bitField0_ & 0x00000008) != 0)) {
+          result.tokenUrl_ = tokenUrl_;
+        }
       }
 
       @java.lang.Override
@@ -13060,6 +13549,16 @@ public Builder mergeFrom(io.gitpod.publicapi.v1.Authprovider.OAuth2Config other)
           bitField0_ |= 0x00000002;
           onChanged();
         }
+        if (!other.getAuthorizationUrl().isEmpty()) {
+          authorizationUrl_ = other.authorizationUrl_;
+          bitField0_ |= 0x00000004;
+          onChanged();
+        }
+        if (!other.getTokenUrl().isEmpty()) {
+          tokenUrl_ = other.tokenUrl_;
+          bitField0_ |= 0x00000008;
+          onChanged();
+        }
         this.mergeUnknownFields(other.getUnknownFields());
         onChanged();
         return this;
@@ -13096,6 +13595,16 @@ public Builder mergeFrom(
                 bitField0_ |= 0x00000002;
                 break;
               } // case 18
+              case 26: {
+                authorizationUrl_ = input.readStringRequireUtf8();
+                bitField0_ |= 0x00000004;
+                break;
+              } // case 26
+              case 34: {
+                tokenUrl_ = input.readStringRequireUtf8();
+                bitField0_ |= 0x00000008;
+                break;
+              } // case 34
               default: {
                 if (!super.parseUnknownField(input, extensionRegistry, tag)) {
                   done = true; // was an endgroup tag
@@ -13257,6 +13766,150 @@ public Builder setClientSecretBytes(
         return this;
       }
 
+      private java.lang.Object authorizationUrl_ = "";
+      /**
+       * <code>string authorization_url = 3 [json_name = "authorizationUrl"];</code>
+       * @return The authorizationUrl.
+       */
+      public java.lang.String getAuthorizationUrl() {
+        java.lang.Object ref = authorizationUrl_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs =
+              (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          authorizationUrl_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       * <code>string authorization_url = 3 [json_name = "authorizationUrl"];</code>
+       * @return The bytes for authorizationUrl.
+       */
+      public com.google.protobuf.ByteString
+          getAuthorizationUrlBytes() {
+        java.lang.Object ref = authorizationUrl_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8(
+                  (java.lang.String) ref);
+          authorizationUrl_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       * <code>string authorization_url = 3 [json_name = "authorizationUrl"];</code>
+       * @param value The authorizationUrl to set.
+       * @return This builder for chaining.
+       */
+      public Builder setAuthorizationUrl(
+          java.lang.String value) {
+        if (value == null) { throw new NullPointerException(); }
+        authorizationUrl_ = value;
+        bitField0_ |= 0x00000004;
+        onChanged();
+        return this;
+      }
+      /**
+       * <code>string authorization_url = 3 [json_name = "authorizationUrl"];</code>
+       * @return This builder for chaining.
+       */
+      public Builder clearAuthorizationUrl() {
+        authorizationUrl_ = getDefaultInstance().getAuthorizationUrl();
+        bitField0_ = (bitField0_ & ~0x00000004);
+        onChanged();
+        return this;
+      }
+      /**
+       * <code>string authorization_url = 3 [json_name = "authorizationUrl"];</code>
+       * @param value The bytes for authorizationUrl to set.
+       * @return This builder for chaining.
+       */
+      public Builder setAuthorizationUrlBytes(
+          com.google.protobuf.ByteString value) {
+        if (value == null) { throw new NullPointerException(); }
+        checkByteStringIsUtf8(value);
+        authorizationUrl_ = value;
+        bitField0_ |= 0x00000004;
+        onChanged();
+        return this;
+      }
+
+      private java.lang.Object tokenUrl_ = "";
+      /**
+       * <code>string token_url = 4 [json_name = "tokenUrl"];</code>
+       * @return The tokenUrl.
+       */
+      public java.lang.String getTokenUrl() {
+        java.lang.Object ref = tokenUrl_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs =
+              (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          tokenUrl_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       * <code>string token_url = 4 [json_name = "tokenUrl"];</code>
+       * @return The bytes for tokenUrl.
+       */
+      public com.google.protobuf.ByteString
+          getTokenUrlBytes() {
+        java.lang.Object ref = tokenUrl_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8(
+                  (java.lang.String) ref);
+          tokenUrl_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       * <code>string token_url = 4 [json_name = "tokenUrl"];</code>
+       * @param value The tokenUrl to set.
+       * @return This builder for chaining.
+       */
+      public Builder setTokenUrl(
+          java.lang.String value) {
+        if (value == null) { throw new NullPointerException(); }
+        tokenUrl_ = value;
+        bitField0_ |= 0x00000008;
+        onChanged();
+        return this;
+      }
+      /**
+       * <code>string token_url = 4 [json_name = "tokenUrl"];</code>
+       * @return This builder for chaining.
+       */
+      public Builder clearTokenUrl() {
+        tokenUrl_ = getDefaultInstance().getTokenUrl();
+        bitField0_ = (bitField0_ & ~0x00000008);
+        onChanged();
+        return this;
+      }
+      /**
+       * <code>string token_url = 4 [json_name = "tokenUrl"];</code>
+       * @param value The bytes for tokenUrl to set.
+       * @return This builder for chaining.
+       */
+      public Builder setTokenUrlBytes(
+          com.google.protobuf.ByteString value) {
+        if (value == null) { throw new NullPointerException(); }
+        checkByteStringIsUtf8(value);
+        tokenUrl_ = value;
+        bitField0_ |= 0x00000008;
+        onChanged();
+        return this;
+      }
+
       // @@protoc_insertion_point(builder_scope:gitpod.v1.OAuth2Config)
     }
 
@@ -13422,12 +14075,15 @@ public io.gitpod.publicapi.v1.Authprovider.OAuth2Config getDefaultInstanceForTyp
       "derDescriptionsResponse\022F\n\014descriptions\030" +
       "\001 \003(\0132\".gitpod.v1.AuthProviderDescriptio" +
       "nR\014descriptions\022=\n\npagination\030\002 \001(\0132\035.gi" +
-      "tpod.v1.PaginationResponseR\npagination\"\261" +
-      "\001\n\031UpdateAuthProviderRequest\022(\n\020auth_pro" +
+      "tpod.v1.PaginationResponseR\npagination\"\251" +
+      "\002\n\031UpdateAuthProviderRequest\022(\n\020auth_pro" +
       "vider_id\030\001 \001(\tR\016authProviderId\022 \n\tclient" +
       "_id\030\002 \001(\tH\000R\010clientId\210\001\001\022(\n\rclient_secre" +
-      "t\030\003 \001(\tH\001R\014clientSecret\210\001\001B\014\n\n_client_id" +
-      "B\020\n\016_client_secret\"Z\n\032UpdateAuthProvider" +
+      "t\030\003 \001(\tH\001R\014clientSecret\210\001\001\0220\n\021authorizat" +
+      "ion_url\030\004 \001(\tH\002R\020authorizationUrl\210\001\001\022 \n\t" +
+      "token_url\030\005 \001(\tH\003R\010tokenUrl\210\001\001B\014\n\n_clien" +
+      "t_idB\020\n\016_client_secretB\024\n\022_authorization" +
+      "_urlB\014\n\n_token_url\"Z\n\032UpdateAuthProvider" +
       "Response\022<\n\rauth_provider\030\001 \001(\0132\027.gitpod" +
       ".v1.AuthProviderR\014authProvider\"E\n\031Delete" +
       "AuthProviderRequest\022(\n\020auth_provider_id\030" +
@@ -13447,32 +14103,35 @@ public io.gitpod.publicapi.v1.Authprovider.OAuth2Config getDefaultInstanceForTyp
       "login\030\n \001(\010R\013enableLogin\022\026\n\006scopes\030\013 \003(\t" +
       "R\006scopes\022<\n\roauth2_config\030\014 \001(\0132\027.gitpod" +
       ".v1.OAuth2ConfigR\014oauth2ConfigB\007\n\005owner\"" +
-      "P\n\014OAuth2Config\022\033\n\tclient_id\030\001 \001(\tR\010clie" +
-      "ntId\022#\n\rclient_secret\030\002 \001(\tR\014clientSecre" +
-      "t*\277\001\n\020AuthProviderType\022\"\n\036AUTH_PROVIDER_" +
-      "TYPE_UNSPECIFIED\020\000\022\035\n\031AUTH_PROVIDER_TYPE" +
-      "_GITHUB\020\001\022\035\n\031AUTH_PROVIDER_TYPE_GITLAB\020\002" +
-      "\022 \n\034AUTH_PROVIDER_TYPE_BITBUCKET\020\003\022\'\n#AU" +
-      "TH_PROVIDER_TYPE_BITBUCKET_SERVER\020\0042\206\005\n\023" +
-      "AuthProviderService\022c\n\022CreateAuthProvide" +
-      "r\022$.gitpod.v1.CreateAuthProviderRequest\032" +
-      "%.gitpod.v1.CreateAuthProviderResponse\"\000" +
-      "\022Z\n\017GetAuthProvider\022!.gitpod.v1.GetAuthP" +
-      "roviderRequest\032\".gitpod.v1.GetAuthProvid" +
-      "erResponse\"\000\022`\n\021ListAuthProviders\022#.gitp" +
-      "od.v1.ListAuthProvidersRequest\032$.gitpod." +
-      "v1.ListAuthProvidersResponse\"\000\022\201\001\n\034ListA" +
-      "uthProviderDescriptions\022..gitpod.v1.List" +
-      "AuthProviderDescriptionsRequest\032/.gitpod" +
-      ".v1.ListAuthProviderDescriptionsResponse" +
-      "\"\000\022c\n\022UpdateAuthProvider\022$.gitpod.v1.Upd" +
-      "ateAuthProviderRequest\032%.gitpod.v1.Updat" +
-      "eAuthProviderResponse\"\000\022c\n\022DeleteAuthPro" +
-      "vider\022$.gitpod.v1.DeleteAuthProviderRequ" +
-      "est\032%.gitpod.v1.DeleteAuthProviderRespon" +
-      "se\"\000BQ\n\026io.gitpod.publicapi.v1Z7github.c" +
-      "om/gitpod-io/gitpod/components/public-ap" +
-      "i/go/v1b\006proto3"
+      "\232\001\n\014OAuth2Config\022\033\n\tclient_id\030\001 \001(\tR\010cli" +
+      "entId\022#\n\rclient_secret\030\002 \001(\tR\014clientSecr" +
+      "et\022+\n\021authorization_url\030\003 \001(\tR\020authoriza" +
+      "tionUrl\022\033\n\ttoken_url\030\004 \001(\tR\010tokenUrl*\344\001\n" +
+      "\020AuthProviderType\022\"\n\036AUTH_PROVIDER_TYPE_" +
+      "UNSPECIFIED\020\000\022\035\n\031AUTH_PROVIDER_TYPE_GITH" +
+      "UB\020\001\022\035\n\031AUTH_PROVIDER_TYPE_GITLAB\020\002\022 \n\034A" +
+      "UTH_PROVIDER_TYPE_BITBUCKET\020\003\022\'\n#AUTH_PR" +
+      "OVIDER_TYPE_BITBUCKET_SERVER\020\004\022#\n\037AUTH_P" +
+      "ROVIDER_TYPE_AZURE_DEVOPS\020\0052\206\005\n\023AuthProv" +
+      "iderService\022c\n\022CreateAuthProvider\022$.gitp" +
+      "od.v1.CreateAuthProviderRequest\032%.gitpod" +
+      ".v1.CreateAuthProviderResponse\"\000\022Z\n\017GetA" +
+      "uthProvider\022!.gitpod.v1.GetAuthProviderR" +
+      "equest\032\".gitpod.v1.GetAuthProviderRespon" +
+      "se\"\000\022`\n\021ListAuthProviders\022#.gitpod.v1.Li" +
+      "stAuthProvidersRequest\032$.gitpod.v1.ListA" +
+      "uthProvidersResponse\"\000\022\201\001\n\034ListAuthProvi" +
+      "derDescriptions\022..gitpod.v1.ListAuthProv" +
+      "iderDescriptionsRequest\032/.gitpod.v1.List" +
+      "AuthProviderDescriptionsResponse\"\000\022c\n\022Up" +
+      "dateAuthProvider\022$.gitpod.v1.UpdateAuthP" +
+      "roviderRequest\032%.gitpod.v1.UpdateAuthPro" +
+      "viderResponse\"\000\022c\n\022DeleteAuthProvider\022$." +
+      "gitpod.v1.DeleteAuthProviderRequest\032%.gi" +
+      "tpod.v1.DeleteAuthProviderResponse\"\000BQ\n\026" +
+      "io.gitpod.publicapi.v1Z7github.com/gitpo" +
+      "d-io/gitpod/components/public-api/go/v1b" +
+      "\006proto3"
     };
     descriptor = com.google.protobuf.Descriptors.FileDescriptor
       .internalBuildGeneratedFileFrom(descriptorData,
@@ -13532,7 +14191,7 @@ public io.gitpod.publicapi.v1.Authprovider.OAuth2Config getDefaultInstanceForTyp
     internal_static_gitpod_v1_UpdateAuthProviderRequest_fieldAccessorTable = new
       com.google.protobuf.GeneratedMessage.FieldAccessorTable(
         internal_static_gitpod_v1_UpdateAuthProviderRequest_descriptor,
-        new java.lang.String[] { "AuthProviderId", "ClientId", "ClientSecret", });
+        new java.lang.String[] { "AuthProviderId", "ClientId", "ClientSecret", "AuthorizationUrl", "TokenUrl", });
     internal_static_gitpod_v1_UpdateAuthProviderResponse_descriptor =
       getDescriptor().getMessageTypes().get(9);
     internal_static_gitpod_v1_UpdateAuthProviderResponse_fieldAccessorTable = new
@@ -13568,7 +14227,7 @@ public io.gitpod.publicapi.v1.Authprovider.OAuth2Config getDefaultInstanceForTyp
     internal_static_gitpod_v1_OAuth2Config_fieldAccessorTable = new
       com.google.protobuf.GeneratedMessage.FieldAccessorTable(
         internal_static_gitpod_v1_OAuth2Config_descriptor,
-        new java.lang.String[] { "ClientId", "ClientSecret", });
+        new java.lang.String[] { "ClientId", "ClientSecret", "AuthorizationUrl", "TokenUrl", });
     descriptor.resolveAllFeaturesImmutable();
     io.gitpod.publicapi.v1.Pagination.getDescriptor();
   }
diff --git a/components/public-api/typescript-common/fixtures/toAuthProvider_1.golden b/components/public-api/typescript-common/fixtures/toAuthProvider_1.golden
index dca9fd44e7f0f6..3779d2ecec9c81 100644
--- a/components/public-api/typescript-common/fixtures/toAuthProvider_1.golden
+++ b/components/public-api/typescript-common/fixtures/toAuthProvider_1.golden
@@ -12,7 +12,9 @@
         "scopes": [],
         "oauth2Config": {
             "clientId": "clientId123",
-            "clientSecret": "should not appear in result"
+            "clientSecret": "should not appear in result",
+            "authorizationUrl": "auth.service/authorize",
+            "tokenUrl": "auth.service/token"
         }
     },
     "err": ""
diff --git a/components/public-api/typescript-common/src/auth-providers.ts b/components/public-api/typescript-common/src/auth-providers.ts
index 1c573e17c00c2e..3981a42a83e011 100644
--- a/components/public-api/typescript-common/src/auth-providers.ts
+++ b/components/public-api/typescript-common/src/auth-providers.ts
@@ -93,6 +93,22 @@ export namespace BitbucketServerOAuthScopes {
     };
 }
 
+export namespace AzureDevOpsOAuthScopes {
+    export const READ_USER = "https://app.vssps.visualstudio.com/vso.profile";
+    export const WRITE_REPO = "https://app.vssps.visualstudio.com/vso.code_write";
+
+    // extend token lifetime
+    const OFFLINE_ACCESS = "offline_access";
+    export const APPEND_WHEN_FETCHING = [OFFLINE_ACCESS];
+
+    export const ALL = [READ_USER, WRITE_REPO];
+    export const REPO = [WRITE_REPO];
+    export const DEFAULT = ALL;
+    export const Requirements = {
+        DEFAULT: [READ_USER, WRITE_REPO],
+    };
+}
+
 export function getScopesForAuthProviderType(type: AuthProviderType | string) {
     switch (type) {
         case AuthProviderType.GITHUB:
@@ -107,6 +123,9 @@ export function getScopesForAuthProviderType(type: AuthProviderType | string) {
         case AuthProviderType.BITBUCKET_SERVER:
         case "BitbucketServer":
             return BitbucketServerOAuthScopes.ALL;
+        case AuthProviderType.AZURE_DEVOPS:
+        case "AzureDevOps":
+            return AzureDevOpsOAuthScopes.ALL;
     }
 }
 
@@ -140,5 +159,20 @@ export function getRequiredScopes(type: AuthProviderType | string) {
                 publicRepo: BitbucketServerOAuthScopes.Requirements.DEFAULT,
                 privateRepo: BitbucketServerOAuthScopes.Requirements.DEFAULT,
             };
+        case AuthProviderType.AZURE_DEVOPS:
+        case "AzureDevOps":
+            return {
+                default: AzureDevOpsOAuthScopes.Requirements.DEFAULT,
+                publicRepo: AzureDevOpsOAuthScopes.Requirements.DEFAULT,
+                privateRepo: AzureDevOpsOAuthScopes.Requirements.DEFAULT,
+            };
+    }
+}
+
+export function getScopeNameForScope(scope: string) {
+    // Azure DevOps scopes are URLs, we only want to display the last part
+    if (scope.startsWith("https://app.vssps.visualstudio.com/")) {
+        return scope.replace("https://app.vssps.visualstudio.com/", "");
     }
+    return scope;
 }
diff --git a/components/public-api/typescript-common/src/public-api-converter.ts b/components/public-api/typescript-common/src/public-api-converter.ts
index aac5ae1ac8c09b..836b91eabf192a 100644
--- a/components/public-api/typescript-common/src/public-api-converter.ts
+++ b/components/public-api/typescript-common/src/public-api-converter.ts
@@ -1190,6 +1190,8 @@ export class PublicAPIConverter {
         return new OAuth2Config({
             clientId: ap.oauth?.clientId,
             clientSecret: ap.oauth?.clientSecret,
+            authorizationUrl: ap.oauth?.authorizationUrl,
+            tokenUrl: ap.oauth?.tokenUrl,
         });
     }
 
@@ -1203,6 +1205,8 @@ export class PublicAPIConverter {
                 return AuthProviderType.BITBUCKET;
             case "BitbucketServer":
                 return AuthProviderType.BITBUCKET_SERVER;
+            case "AzureDevOps":
+                return AuthProviderType.AZURE_DEVOPS;
             default:
                 return AuthProviderType.UNSPECIFIED; // not allowed
         }
@@ -1218,6 +1222,8 @@ export class PublicAPIConverter {
                 return "Bitbucket";
             case AuthProviderType.BITBUCKET_SERVER:
                 return "BitbucketServer";
+            case AuthProviderType.AZURE_DEVOPS:
+                return "AzureDevOps";
             default:
                 return ""; // not allowed
         }
diff --git a/components/public-api/typescript/src/gitpod/v1/authprovider_pb.ts b/components/public-api/typescript/src/gitpod/v1/authprovider_pb.ts
index f38300d4998a45..83b877112befe1 100644
--- a/components/public-api/typescript/src/gitpod/v1/authprovider_pb.ts
+++ b/components/public-api/typescript/src/gitpod/v1/authprovider_pb.ts
@@ -43,6 +43,11 @@ export enum AuthProviderType {
    * @generated from enum value: AUTH_PROVIDER_TYPE_BITBUCKET_SERVER = 4;
    */
   BITBUCKET_SERVER = 4,
+
+  /**
+   * @generated from enum value: AUTH_PROVIDER_TYPE_AZURE_DEVOPS = 5;
+   */
+  AZURE_DEVOPS = 5,
 }
 // Retrieve enum metadata with: proto3.getEnumType(AuthProviderType)
 proto3.util.setEnumType(AuthProviderType, "gitpod.v1.AuthProviderType", [
@@ -51,6 +56,7 @@ proto3.util.setEnumType(AuthProviderType, "gitpod.v1.AuthProviderType", [
   { no: 2, name: "AUTH_PROVIDER_TYPE_GITLAB" },
   { no: 3, name: "AUTH_PROVIDER_TYPE_BITBUCKET" },
   { no: 4, name: "AUTH_PROVIDER_TYPE_BITBUCKET_SERVER" },
+  { no: 5, name: "AUTH_PROVIDER_TYPE_AZURE_DEVOPS" },
 ]);
 
 /**
@@ -449,6 +455,16 @@ export class UpdateAuthProviderRequest extends Message<UpdateAuthProviderRequest
    */
   clientSecret?: string;
 
+  /**
+   * @generated from field: optional string authorization_url = 4;
+   */
+  authorizationUrl?: string;
+
+  /**
+   * @generated from field: optional string token_url = 5;
+   */
+  tokenUrl?: string;
+
   constructor(data?: PartialMessage<UpdateAuthProviderRequest>) {
     super();
     proto3.util.initPartial(data, this);
@@ -460,6 +476,8 @@ export class UpdateAuthProviderRequest extends Message<UpdateAuthProviderRequest
     { no: 1, name: "auth_provider_id", kind: "scalar", T: 9 /* ScalarType.STRING */ },
     { no: 2, name: "client_id", kind: "scalar", T: 9 /* ScalarType.STRING */, opt: true },
     { no: 3, name: "client_secret", kind: "scalar", T: 9 /* ScalarType.STRING */, opt: true },
+    { no: 4, name: "authorization_url", kind: "scalar", T: 9 /* ScalarType.STRING */, opt: true },
+    { no: 5, name: "token_url", kind: "scalar", T: 9 /* ScalarType.STRING */, opt: true },
   ]);
 
   static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): UpdateAuthProviderRequest {
@@ -769,6 +787,16 @@ export class OAuth2Config extends Message<OAuth2Config> {
    */
   clientSecret = "";
 
+  /**
+   * @generated from field: string authorization_url = 3;
+   */
+  authorizationUrl = "";
+
+  /**
+   * @generated from field: string token_url = 4;
+   */
+  tokenUrl = "";
+
   constructor(data?: PartialMessage<OAuth2Config>) {
     super();
     proto3.util.initPartial(data, this);
@@ -779,6 +807,8 @@ export class OAuth2Config extends Message<OAuth2Config> {
   static readonly fields: FieldList = proto3.util.newFieldList(() => [
     { no: 1, name: "client_id", kind: "scalar", T: 9 /* ScalarType.STRING */ },
     { no: 2, name: "client_secret", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+    { no: 3, name: "authorization_url", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+    { no: 4, name: "token_url", kind: "scalar", T: 9 /* ScalarType.STRING */ },
   ]);
 
   static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): OAuth2Config {
diff --git a/components/server/package.json b/components/server/package.json
index 4fa087659096ee..8243cf4cb0b039 100644
--- a/components/server/package.json
+++ b/components/server/package.json
@@ -67,6 +67,7 @@
     "@probot/get-private-key": "^1.1.1",
     "@types/jaeger-client": "^3.18.3",
     "async-batch": "^1.1.2",
+    "azure-devops-node-api": "^14.0.2",
     "base-64": "^1.0.0",
     "bitbucket": "^2.7.0",
     "body-parser": "^1.19.2",
diff --git a/components/server/src/api/auth-provider-service-api.ts b/components/server/src/api/auth-provider-service-api.ts
index a15ceeb0b27926..432c3ed001ea3d 100644
--- a/components/server/src/api/auth-provider-service-api.ts
+++ b/components/server/src/api/auth-provider-service-api.ts
@@ -57,6 +57,8 @@ export class AuthProviderServiceAPI implements ServiceImpl<typeof AuthProviderSe
                 type: this.apiConverter.fromAuthProviderType(request.type),
                 clientId: request.oauth2Config?.clientId,
                 clientSecret: request.oauth2Config?.clientSecret,
+                tokenUrl: request.oauth2Config?.tokenUrl,
+                authorizationUrl: request.oauth2Config?.authorizationUrl,
             });
 
             return new CreateAuthProviderResponse({ authProvider: this.apiConverter.toAuthProvider(result) });
@@ -67,6 +69,8 @@ export class AuthProviderServiceAPI implements ServiceImpl<typeof AuthProviderSe
                 type: this.apiConverter.fromAuthProviderType(request.type),
                 clientId: request.oauth2Config?.clientId,
                 clientSecret: request.oauth2Config?.clientSecret,
+                tokenUrl: request.oauth2Config?.tokenUrl,
+                authorizationUrl: request.oauth2Config?.authorizationUrl,
             });
 
             return new CreateAuthProviderResponse({ authProvider: this.apiConverter.toAuthProvider(result) });
@@ -162,6 +166,8 @@ export class AuthProviderServiceAPI implements ServiceImpl<typeof AuthProviderSe
                 organizationId: authProvider.organizationId,
                 clientId: clientId,
                 clientSecret: clientSecret,
+                authorizationUrl: request.authorizationUrl,
+                tokenUrl: request.tokenUrl,
             });
         } else {
             entry = await this.authProviderService.updateAuthProviderOfUser(ctxUserId(), {
@@ -169,6 +175,8 @@ export class AuthProviderServiceAPI implements ServiceImpl<typeof AuthProviderSe
                 ownerId: ctxUserId(),
                 clientId: clientId,
                 clientSecret: clientSecret,
+                authorizationUrl: request.authorizationUrl,
+                tokenUrl: request.tokenUrl,
             });
         }
 
diff --git a/components/server/src/auth/auth-provider-service.ts b/components/server/src/auth/auth-provider-service.ts
index 3d8f2c3a7a1902..818fc7d4031ff9 100644
--- a/components/server/src/auth/auth-provider-service.ts
+++ b/components/server/src/auth/auth-provider-service.ts
@@ -14,11 +14,14 @@ import { oauthUrls as githubUrls } from "../github/github-urls";
 import { oauthUrls as gitlabUrls } from "../gitlab/gitlab-urls";
 import { oauthUrls as bbsUrls } from "../bitbucket-server/bitbucket-server-urls";
 import { oauthUrls as bbUrls } from "../bitbucket/bitbucket-urls";
+import { oauthUrls as azureUrls } from "../azure-devops/azure-urls";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import fetch from "node-fetch";
 import { Authorizer } from "../authorization/authorizer";
 import { ApplicationError, ErrorCodes } from "@gitpod/gitpod-protocol/lib/messaging/error";
 import { getRequiredScopes, getScopesForAuthProviderType } from "@gitpod/public-api-common/lib/auth-providers";
+import { PublicAPIConverter } from "@gitpod/public-api-common/lib/public-api-converter";
+import { AuthProviderType } from "@gitpod/public-api/lib/gitpod/v1/authprovider_pb";
 
 @injectable()
 export class AuthProviderService {
@@ -27,6 +30,7 @@ export class AuthProviderService {
         @inject(TeamDB) private readonly teamDB: TeamDB,
         @inject(Config) protected readonly config: Config,
         @inject(Authorizer) private readonly auth: Authorizer,
+        @inject(PublicAPIConverter) private readonly apiConverter: PublicAPIConverter,
     ) {}
 
     /**
@@ -236,10 +240,19 @@ export class AuthProviderService {
             throw new ApplicationError(ErrorCodes.NOT_FOUND, "Provider resource not found.");
         }
 
+        const isAzure = this.apiConverter.toAuthProviderType(existing.type) === AuthProviderType.AZURE_DEVOPS;
+        if (!isAzure) {
+            entry.authorizationUrl = undefined;
+            entry.tokenUrl = undefined;
+        }
+
         // Explicitly check if any update needs to be performed
         const changedId = entry.clientId && entry.clientId !== existing.oauth.clientId;
         const changedSecret = entry.clientSecret && entry.clientSecret !== existing.oauth.clientSecret;
-        const changed = changedId || changedSecret;
+        const azureChanged =
+            isAzure &&
+            (existing.oauth.authorizationUrl !== entry.authorizationUrl || existing.oauth.tokenUrl !== entry.tokenUrl);
+        const changed = changedId || changedSecret || azureChanged;
 
         if (!changed) {
             return existing;
@@ -250,6 +263,8 @@ export class AuthProviderService {
             ...existing.oauth,
             clientId: entry.clientId || existing.oauth?.clientId,
             clientSecret: entry.clientSecret || existing.oauth?.clientSecret, // FE may send empty ("") if not changed
+            authorizationUrl: entry.authorizationUrl || existing.oauth?.authorizationUrl,
+            tokenUrl: entry.tokenUrl || existing.oauth?.tokenUrl,
         };
         const authProvider: AuthProviderEntry = {
             ...existing,
@@ -298,9 +313,20 @@ export class AuthProviderService {
         if (!existing) {
             throw new ApplicationError(ErrorCodes.NOT_FOUND, "Provider resource not found.");
         }
+
+        const isAzure = this.apiConverter.toAuthProviderType(existing.type) === AuthProviderType.AZURE_DEVOPS;
+        if (!isAzure) {
+            entry.authorizationUrl = undefined;
+            entry.tokenUrl = undefined;
+        }
+
+        const azureChanged =
+            isAzure &&
+            (existing.oauth.authorizationUrl !== entry.authorizationUrl || existing.oauth.tokenUrl !== entry.tokenUrl);
         const changed =
             entry.clientId !== existing.oauth.clientId ||
-            (entry.clientSecret && entry.clientSecret !== existing.oauth.clientSecret);
+            (entry.clientSecret && entry.clientSecret !== existing.oauth.clientSecret) ||
+            azureChanged;
 
         if (!changed) {
             return existing;
@@ -311,6 +337,8 @@ export class AuthProviderService {
             ...existing.oauth,
             clientId: entry.clientId || existing.oauth?.clientId,
             clientSecret: entry.clientSecret || existing.oauth?.clientSecret, // FE may send empty ("") if not changed
+            authorizationUrl: entry.authorizationUrl || existing.oauth.authorizationUrl,
+            tokenUrl: entry.tokenUrl || existing.oauth.tokenUrl,
         };
         const authProvider: AuthProviderEntry = {
             ...existing,
@@ -338,6 +366,17 @@ export class AuthProviderService {
             case "Bitbucket":
                 urls = bbUrls(host);
                 break;
+            case "AzureDevOps":
+                // We don't support Azure DevOps for PAYG users yet because our auth flow is based on provider's host
+                if (this.config.hostUrl.url.host === "gitpod.io") {
+                    throw new ApplicationError(ErrorCodes.BAD_REQUEST, "Unexpected service type.");
+                }
+                const { authorizationUrl, tokenUrl } = newEntry;
+                if (!authorizationUrl || !tokenUrl) {
+                    throw new ApplicationError(ErrorCodes.BAD_REQUEST, "authorizationUrl and tokenUrl are required.");
+                }
+                urls = azureUrls({ authorizationUrl, tokenUrl });
+                break;
         }
         if (!urls) {
             throw new ApplicationError(ErrorCodes.BAD_REQUEST, "Unexpected service type.");
diff --git a/components/server/src/auth/host-container-mapping.ts b/components/server/src/auth/host-container-mapping.ts
index 37933287b1045d..097b82e3cbd11c 100644
--- a/components/server/src/auth/host-container-mapping.ts
+++ b/components/server/src/auth/host-container-mapping.ts
@@ -10,6 +10,7 @@ import { gitlabContainerModule } from "../gitlab/gitlab-container-module";
 import { genericAuthContainerModule } from "./oauth-container-module";
 import { bitbucketContainerModule } from "../bitbucket/bitbucket-container-module";
 import { bitbucketServerContainerModule } from "../bitbucket-server/bitbucket-server-container-module";
+import { azureDevOpsContainerModule } from "../azure-devops/azure-container-module";
 
 @injectable()
 export class HostContainerMapping {
@@ -25,6 +26,8 @@ export class HostContainerMapping {
                 return [bitbucketContainerModule];
             case "BitbucketServer":
                 return [bitbucketServerContainerModule];
+            case "AzureDevOps":
+                return [azureDevOpsContainerModule];
             default:
                 return undefined;
         }
diff --git a/components/server/src/azure-devops/README.md b/components/server/src/azure-devops/README.md
new file mode 100644
index 00000000000000..3b3d1a65eee277
--- /dev/null
+++ b/components/server/src/azure-devops/README.md
@@ -0,0 +1,19 @@
+# Azure DevOps Integration
+
+## How to add integration to a preview env
+
+Check `Gitpod Azure DevOps Integration (preview env)` item in 1P.
+
+## How to run the tests
+
+1. With Personal Access Token (in 1P): Update `azure-api.ts` file to use `getPersonalAccessTokenHandler` instead of `getBearerHandler`.
+2. Or with Bearer Token (how server does it): Follow OAuth2 flow to get a refreshed access token.
+3. Run the tests
+```bash
+  export AZURE_TOKEN=<token>
+export GITPOD_TEST_TOKEN_AZURE_DEVOPS='{"value": "'$AZURE_TOKEN'"}'
+
+# `yarn watch` if needed
+# for all server tests `yarn test:unit`
+yarn mocha './**/*/azure-*.spec.js' --exclude './node_modules/**' --exit
+```
diff --git a/components/server/src/azure-devops/azure-api.spec.ts b/components/server/src/azure-devops/azure-api.spec.ts
new file mode 100644
index 00000000000000..2dfeed039b8960
--- /dev/null
+++ b/components/server/src/azure-devops/azure-api.spec.ts
@@ -0,0 +1,54 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { User } from "@gitpod/gitpod-protocol";
+import { ifEnvVarNotSet } from "@gitpod/gitpod-protocol/lib/util/skip-if";
+import { expect } from "chai";
+import { Container } from "inversify";
+import { suite, test, timeout, skip } from "@testdeck/mocha";
+import { DevData, DevTestHelper } from "../dev/dev-data";
+import { AzureDevOpsApi } from "./azure-api";
+import { RepositoryNotFoundError } from "@gitpod/public-api-common/lib/public-api-errors";
+
+DevTestHelper.echoAzureTestTips();
+
+@suite(timeout(10000), skip(ifEnvVarNotSet(DevTestHelper.AzureTestEnv)))
+class TestAzureDevOpsFileProvider {
+    protected azureDevOpsApi: AzureDevOpsApi;
+    protected user: User;
+    protected container: Container;
+
+    public before() {
+        this.container = DevTestHelper.createAzureSCMContainer();
+        this.azureDevOpsApi = this.container.get(AzureDevOpsApi);
+        this.user = DevData.createTestUser();
+    }
+
+    @test public async happyPath() {
+        const result = await this.azureDevOpsApi.getRepository(this.user, "services-azure", "test-project", "repo2");
+        expect(result.name).to.equal("repo2");
+    }
+
+    @test public async test401() {
+        try {
+            await this.azureDevOpsApi.getPullRequest("not-a-user", "services-azure", "test-project", "repo2", 5);
+            expect.fail("should have failed");
+        } catch (error) {
+            expect(error.statusCode).to.equal(401);
+        }
+    }
+
+    @test public async test404() {
+        try {
+            await this.azureDevOpsApi.getRepository(this.user, "services-azure", "test-project", "must_be_repo_404");
+            expect.fail("should have failed");
+        } catch (error) {
+            expect(error instanceof RepositoryNotFoundError).to.equal(true);
+        }
+    }
+}
+
+module.exports = new TestAzureDevOpsFileProvider();
diff --git a/components/server/src/azure-devops/azure-api.ts b/components/server/src/azure-devops/azure-api.ts
new file mode 100644
index 00000000000000..469d1f3d6bfefb
--- /dev/null
+++ b/components/server/src/azure-devops/azure-api.ts
@@ -0,0 +1,281 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { injectable, inject } from "inversify";
+import { Commit, User } from "@gitpod/gitpod-protocol";
+import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
+
+import { AuthProviderParams } from "../auth/auth-provider";
+import { AzureDevOpsTokenHelper } from "./azure-token-helper";
+import { WebApi, getHandlerFromToken } from "azure-devops-node-api";
+import { MaybeContent } from "../repohost";
+import { GitVersionDescriptor, GitVersionType } from "azure-devops-node-api/interfaces/GitInterfaces";
+import { AzureDevOpsOAuthScopes } from "@gitpod/public-api-common/lib/auth-providers";
+import { RepositoryNotFoundError } from "@gitpod/public-api-common/lib/public-api-errors";
+import { IncomingMessage } from "node:http";
+
+@injectable()
+export class AzureDevOpsApi {
+    @inject(AuthProviderParams) readonly config: AuthProviderParams;
+    @inject(AzureDevOpsTokenHelper) protected readonly tokenHelper: AzureDevOpsTokenHelper;
+
+    private async create(userOrToken: User | string, opts: { serverUrl?: string; orgId?: string } = {}) {
+        if (!opts.serverUrl && !opts.orgId) {
+            throw new Error("Either serverUrl or orgId must be provided");
+        }
+        let bearerToken: string | undefined;
+        if (typeof userOrToken === "string") {
+            bearerToken = userOrToken;
+        } else {
+            const azureToken = await this.tokenHelper.getTokenWithScopes(userOrToken, AzureDevOpsOAuthScopes.DEFAULT);
+            bearerToken = azureToken.value;
+        }
+        return new WebApi(
+            opts.serverUrl ?? `https://${this.config.host}/${opts.orgId}`,
+            getHandlerFromToken(bearerToken),
+        );
+    }
+
+    private async createGitApi(userOrToken: User | string, orgId: string) {
+        const api = await this.create(userOrToken, { orgId });
+        return api.getGitApi();
+    }
+
+    private getVersionDescriptor(commit: Pick<Commit, "ref" | "refType" | "revision">): GitVersionDescriptor {
+        const result: GitVersionDescriptor = {};
+        if (commit.refType === "revision") {
+            result.versionType = GitVersionType.Commit;
+            result.version = commit.revision;
+        }
+        if (commit.refType === "branch") {
+            result.versionType = GitVersionType.Branch;
+            result.version = commit.ref;
+        }
+        if (commit.refType === "tag") {
+            result.versionType = GitVersionType.Tag;
+            result.version = commit.ref;
+        }
+        return result;
+    }
+
+    /**
+     *
+     * @see https://learn.microsoft.com/en-us/rest/api/azure/devops/git/commits/get-commits
+     */
+    async getCommits(
+        userOrToken: User | string,
+        azOrgId: string,
+        azProject: string,
+        repository: string,
+        opts?: Partial<{
+            filterCommit: Pick<Commit, "ref" | "refType" | "revision">;
+            $top: number;
+            itemPath: string;
+        }>,
+    ) {
+        const gitApi = await this.createGitApi(userOrToken, azOrgId);
+        return gitApi.getCommits(
+            repository,
+            {
+                itemVersion: opts?.filterCommit ? this.getVersionDescriptor(opts.filterCommit) : undefined,
+                $top: opts?.$top,
+                itemPath: opts?.itemPath,
+            },
+            azProject,
+        );
+    }
+
+    /**
+     * @see https://learn.microsoft.com/en-us/rest/api/azure/devops/git/items/get
+     */
+    async getFileContent(
+        userOrToken: User | string,
+        azOrgId: string,
+        azProject: string,
+        repository: string,
+        commit: Pick<Commit, "repository" | "ref" | "refType" | "revision">,
+        path: string,
+    ): Promise<MaybeContent> {
+        const gitApi = await this.createGitApi(userOrToken, azOrgId);
+        const azPath = "/" + path;
+        try {
+            const readableStream = await gitApi.getItemContent(
+                repository,
+                azPath,
+                azProject,
+                undefined,
+                undefined,
+                undefined,
+                undefined,
+                undefined,
+                this.getVersionDescriptor(commit),
+            );
+            const err = AzureReadableStreamError.tryCreate(readableStream);
+            if (err) {
+                throw err;
+            }
+            let content = "";
+            for await (const chunk of readableStream) {
+                content += chunk.toString();
+            }
+            return content;
+        } catch (err) {
+            if (err instanceof AzureReadableStreamError) {
+                if (err.statusCode === 404) {
+                    return undefined;
+                }
+                throw err;
+            }
+            log.error("Error while fetching file content", err);
+            throw new Error(`Failed to fetch file content: ${err}`);
+        }
+    }
+
+    /**
+     * @see https://learn.microsoft.com/en-us/rest/api/azure/devops/git/repositories/list
+     */
+    async getRepositories(userOrToken: User | string, azOrgId: string, azProject: string) {
+        const gitApi = await this.createGitApi(userOrToken, azOrgId);
+        return gitApi.getRepositories(azProject);
+    }
+
+    /**
+     * @see https://learn.microsoft.com/en-us/rest/api/azure/devops/git/repositories/get-repository
+     */
+    async getRepository(userOrToken: User | string, azOrgId: string, azProject: string, repository: string) {
+        const gitApi = await this.createGitApi(userOrToken, azOrgId);
+        const repo = await gitApi.getRepository(repository, azProject);
+        if (!repo) {
+            throw new RepositoryNotFoundError({
+                host: this.config.host,
+                owner: `${azOrgId}/${azProject}`,
+                repoName: repository,
+                userIsOwner: false,
+                userScopes: [],
+                lastUpdate: "",
+                errorMessage: "Repository not found.",
+            });
+        }
+        return repo;
+    }
+
+    async getBranches(
+        userOrToken: User | string,
+        azOrgId: string,
+        azProject: string,
+        repository: string,
+        opts?: { filterBranch?: string },
+    ) {
+        const gitApi = await this.createGitApi(userOrToken, azOrgId);
+        // If not found, sdk will return null
+        return (
+            (await gitApi.getBranches(
+                repository,
+                azProject,
+                opts?.filterBranch
+                    ? this.getVersionDescriptor({ ref: opts.filterBranch, refType: "branch", revision: "" })
+                    : undefined,
+            )) ?? []
+        );
+    }
+
+    async getBranch(
+        userOrToken: User | string,
+        azOrgId: string,
+        azProject: string,
+        repository: string,
+        branch: string,
+    ) {
+        const gitApi = await this.createGitApi(userOrToken, azOrgId);
+        return gitApi.getBranch(repository, branch, azProject);
+    }
+
+    async getTagCommit(
+        userOrToken: User | string,
+        azOrgId: string,
+        azProject: string,
+        repository: string,
+        tag: string,
+    ) {
+        const commits = await this.getCommits(userOrToken, azOrgId, azProject, repository, {
+            filterCommit: { ref: tag, refType: "tag", revision: "" },
+            $top: 1,
+        });
+        if (commits.length === 0) {
+            throw new Error(`Tag ${tag} not found`);
+        }
+        return commits[0];
+    }
+
+    /**
+     * @see https://learn.microsoft.com/en-us/rest/api/azure/devops/git/commits/get
+     */
+    async getCommit(
+        userOrToken: User | string,
+        azOrgId: string,
+        azProject: string,
+        repository: string,
+        commitId: string,
+    ) {
+        const gitApi = await this.createGitApi(userOrToken, azOrgId);
+        return gitApi.getCommit(commitId, repository, azProject);
+    }
+
+    /**
+     * @see https://learn.microsoft.com/en-us/rest/api/azure/devops/git/pull-requests/get-pull-request?view=azure-devops-rest-7.1
+     */
+    async getPullRequest(
+        userOrToken: User | string,
+        azOrgId: string,
+        azProject: string,
+        repository: string,
+        prId: number,
+    ) {
+        const gitApi = await this.createGitApi(userOrToken, azOrgId);
+        return gitApi.getPullRequest(repository, prId, azProject);
+    }
+
+    /**
+     * @see https://learn.microsoft.com/en-us/rest/api/azure/devops/profile/profiles/get
+     */
+    async getAuthenticatedUser(userOrToken: User | string) {
+        const api = await this.create(userOrToken, { serverUrl: "https://app.vssps.visualstudio.com" });
+        const profileApi = await api.getProfileApi();
+        // official <Profile> interface has no `displayName` field although it's exists in the response
+        const profile = await profileApi.getProfile("me", true);
+        const anyProfile = profile as Partial<{ displayName: string; emailAddress: string; publicAlias: string }>;
+        return {
+            id: profile.id,
+            displayName: anyProfile.displayName ?? profile.coreAttributes["DisplayName"]?.value,
+            publicAlias: anyProfile.publicAlias ?? profile.coreAttributes["PublicAlias"]?.value,
+            emailAddress: anyProfile.emailAddress ?? profile.coreAttributes["EmailAddress"]?.value,
+            avatar: profile.coreAttributes["Avatar"]?.value?.value,
+            /**
+             * The time at which this profile was last changed.
+             */
+            timeStamp: profile.timeStamp,
+        };
+    }
+}
+
+export class AzureReadableStreamError extends Error {
+    constructor(message: string, public statusCode?: number) {
+        super(message);
+    }
+
+    private static isIncomingMessage(stream: NodeJS.ReadableStream): stream is IncomingMessage {
+        return "statusCode" in stream && typeof (stream as any).statusCode === "number";
+    }
+
+    static tryCreate(stream: NodeJS.ReadableStream): AzureReadableStreamError | undefined {
+        if (AzureReadableStreamError.isIncomingMessage(stream)) {
+            if (stream.statusCode === 200) {
+                return;
+            }
+            return new AzureReadableStreamError(`HTTP ${stream.statusCode} ${stream.statusMessage}`, stream.statusCode);
+        }
+    }
+}
diff --git a/components/server/src/azure-devops/azure-auth-provider.ts b/components/server/src/azure-devops/azure-auth-provider.ts
new file mode 100644
index 00000000000000..665be7a1be6901
--- /dev/null
+++ b/components/server/src/azure-devops/azure-auth-provider.ts
@@ -0,0 +1,103 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import express from "express";
+import { injectable, inject } from "inversify";
+import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
+import { AuthProviderInfo } from "@gitpod/gitpod-protocol";
+import { AzureDevOpsApi } from "./azure-api";
+import { GenericAuthProvider } from "../auth/generic-auth-provider";
+import { AuthUserSetup } from "../auth/auth-provider";
+import { oauthUrls } from "./azure-urls";
+import { AzureDevOpsOAuthScopes } from "@gitpod/public-api-common/lib/auth-providers";
+
+@injectable()
+export class AzureDevOpsAuthProvider extends GenericAuthProvider {
+    @inject(AzureDevOpsApi) protected readonly azureDevOpsApi: AzureDevOpsApi;
+
+    get info(): AuthProviderInfo {
+        return {
+            ...this.defaultInfo(),
+            scopes: AzureDevOpsOAuthScopes.ALL,
+            requirements: {
+                default: AzureDevOpsOAuthScopes.Requirements.DEFAULT,
+                publicRepo: AzureDevOpsOAuthScopes.REPO,
+                privateRepo: AzureDevOpsOAuthScopes.REPO,
+            },
+        };
+    }
+
+    private mergeAzureScope(scope: string[]) {
+        // offline_access is required but will not respond as scopes
+        for (const s of AzureDevOpsOAuthScopes.APPEND_WHEN_FETCHING) {
+            if (!scope.includes(s)) {
+                scope.push(s);
+            }
+        }
+        return scope;
+    }
+
+    /**
+     * Augmented OAuthConfig for GitLab
+     */
+    protected get oauthConfig() {
+        const oauth = this.params.oauth!;
+        const defaultUrls = oauthUrls(oauth);
+        const scopeSeparator = " ";
+        return <typeof oauth>{
+            ...oauth,
+            authorizationUrl: oauth.authorizationUrl || defaultUrls.authorizationUrl,
+            tokenUrl: oauth.tokenUrl || defaultUrls.tokenUrl,
+            settingsUrl: oauth.settingsUrl || defaultUrls.settingsUrl,
+            scope: AzureDevOpsOAuthScopes.ALL.join(scopeSeparator),
+            scopeSeparator,
+        };
+    }
+
+    authorize(
+        req: express.Request,
+        res: express.Response,
+        next: express.NextFunction,
+        state: string,
+        scope?: string[],
+    ) {
+        super.authorize(req, res, next, state, this.mergeAzureScope(scope ? scope : AzureDevOpsOAuthScopes.DEFAULT));
+    }
+
+    protected get baseURL() {
+        return `https://${this.params.host}`;
+    }
+
+    protected async readAuthUserSetup(accessToken: string, tokenResponse: object) {
+        try {
+            const profile = await this.azureDevOpsApi.getAuthenticatedUser(accessToken);
+            return <AuthUserSetup>{
+                authUser: {
+                    authId: profile.id,
+                    authName: profile.displayName,
+                    primaryEmail: profile.emailAddress,
+                    name: profile.displayName,
+                    avatarUrl: profile.avatar,
+                },
+                currentScopes: this.readScopesFromVerifyParams(tokenResponse),
+            };
+        } catch (error) {
+            log.error(`Reading current user info failed`, error, { error });
+            throw error;
+        }
+    }
+
+    protected readScopesFromVerifyParams(params: any) {
+        if (params && typeof params.scope === "string") {
+            return this.normalizeScopes((params.scope as string).split(" "));
+        }
+        return [];
+    }
+    protected normalizeScopes(scopes: string[]) {
+        const set = new Set(scopes);
+        return Array.from(set).sort();
+    }
+}
diff --git a/components/server/src/azure-devops/azure-container-module.ts b/components/server/src/azure-devops/azure-container-module.ts
new file mode 100644
index 00000000000000..7a11381e319ae2
--- /dev/null
+++ b/components/server/src/azure-devops/azure-container-module.ts
@@ -0,0 +1,34 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { ContainerModule } from "inversify";
+import { AuthProvider } from "../auth/auth-provider";
+import { FileProvider, RepositoryProvider, RepositoryHost } from "../repohost";
+import { IContextParser } from "../workspace/context-parser";
+import { IGitTokenValidator } from "../workspace/git-token-validator";
+import { AzureDevOpsApi } from "./azure-api";
+import { AzureDevOpsFileProvider } from "./azure-file-provider";
+import { AzureDevOpsAuthProvider } from "./azure-auth-provider";
+import { AzureDevOpsContextParser } from "./azure-context-parser";
+import { AzureDevOpsRepositoryProvider } from "./azure-repository-provider";
+import { AzureDevOpsTokenHelper } from "./azure-token-helper";
+import { AzureDevOpsTokenValidator } from "./azure-token-validator";
+
+export const azureDevOpsContainerModule = new ContainerModule((bind, _unbind, _isBound, rebind) => {
+    bind(RepositoryHost).toSelf().inSingletonScope();
+    bind(AzureDevOpsApi).toSelf().inSingletonScope();
+    bind(AzureDevOpsFileProvider).toSelf().inSingletonScope();
+    bind(FileProvider).toService(AzureDevOpsFileProvider);
+    bind(AzureDevOpsContextParser).toSelf().inSingletonScope();
+    bind(IContextParser).toService(AzureDevOpsContextParser);
+    bind(AzureDevOpsRepositoryProvider).toSelf().inSingletonScope();
+    bind(RepositoryProvider).toService(AzureDevOpsRepositoryProvider);
+    bind(AuthProvider).toService(AzureDevOpsAuthProvider);
+    bind(AzureDevOpsAuthProvider).toSelf().inSingletonScope();
+    bind(AzureDevOpsTokenHelper).toSelf().inSingletonScope();
+    bind(AzureDevOpsTokenValidator).toSelf().inSingletonScope();
+    bind(IGitTokenValidator).toService(AzureDevOpsTokenValidator);
+});
diff --git a/components/server/src/azure-devops/azure-context-parser.spec.ts b/components/server/src/azure-devops/azure-context-parser.spec.ts
new file mode 100644
index 00000000000000..4913ece1b5a892
--- /dev/null
+++ b/components/server/src/azure-devops/azure-context-parser.spec.ts
@@ -0,0 +1,327 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { suite, test, timeout, skip } from "@testdeck/mocha";
+import * as chai from "chai";
+const expect = chai.expect;
+
+import { AzureDevOpsContextParser } from "./azure-context-parser";
+import { User } from "@gitpod/gitpod-protocol";
+import { DevData, DevTestHelper } from "../dev/dev-data";
+import { ifEnvVarNotSet } from "@gitpod/gitpod-protocol/lib/util/skip-if";
+
+DevTestHelper.echoAzureTestTips();
+
+@suite(timeout(10000), skip(ifEnvVarNotSet(DevTestHelper.AzureTestEnv)))
+class TestAzureDevOpsContextParser {
+    protected parser: AzureDevOpsContextParser;
+    protected user: User;
+
+    public before() {
+        const container = DevTestHelper.createAzureSCMContainer();
+        this.parser = container.get(AzureDevOpsContextParser);
+        this.user = DevData.createTestUser();
+    }
+
+    @test public async testEmptyProject() {
+        const result = await this.parser.handle(
+            {},
+            this.user,
+            "https://dev.azure.com/services-azure/_git/empty-project",
+        );
+        expect(result).to.deep.include({
+            path: "",
+            isFile: false,
+            title: "empty-project/empty-project",
+            repository: {
+                host: "dev.azure.com",
+                owner: "services-azure/empty-project",
+                name: "empty-project",
+                cloneUrl: "https://dev.azure.com/services-azure/empty-project/_git/empty-project",
+                description: "main",
+                webUrl: "https://dev.azure.com/services-azure/empty-project/_git/empty-project",
+                defaultBranch: "main",
+            },
+            revision: "",
+        });
+    }
+
+    @test public async testEmptyProjectWithoutGitSegment() {
+        const result = await this.parser.handle({}, this.user, "https://dev.azure.com/services-azure/empty-project");
+        expect(result).to.deep.include({
+            path: "",
+            isFile: false,
+            title: "empty-project/empty-project",
+            repository: {
+                host: "dev.azure.com",
+                owner: "services-azure/empty-project",
+                name: "empty-project",
+                cloneUrl: "https://dev.azure.com/services-azure/empty-project/_git/empty-project",
+                description: "main",
+                webUrl: "https://dev.azure.com/services-azure/empty-project/_git/empty-project",
+                defaultBranch: "main",
+            },
+            revision: "",
+        });
+    }
+
+    @test public async testDefault() {
+        const result = await this.parser.handle(
+            {},
+            this.user,
+            "https://dev.azure.com/services-azure/test-project/_git/repo2",
+        );
+        expect(result).to.deep.include({
+            path: "",
+            isFile: false,
+            title: "test-project/repo2 - main",
+            repository: {
+                host: "dev.azure.com",
+                owner: "services-azure/test-project",
+                name: "repo2",
+                cloneUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2",
+                description: "main",
+                webUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2",
+                defaultBranch: "main",
+            },
+            revision: "288dba56ce090ada9ee9338d016eb09a853fb49c",
+            ref: "main",
+            refType: "branch",
+        });
+    }
+
+    @test public async testPR() {
+        const result = await this.parser.handle(
+            {},
+            this.user,
+            "https://dev.azure.com/services-azure/test-project/_git/repo2/pullrequest/1",
+        );
+        expect(result).to.deep.include({
+            nr: 1,
+            base: {
+                repository: {
+                    host: "dev.azure.com",
+                    owner: "services-azure/test-project",
+                    name: "repo2",
+                    cloneUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2",
+                    description: "main",
+                    webUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2",
+                    defaultBranch: "main",
+                },
+                ref: "main",
+                refType: "branch",
+            },
+            title: "Test Pull Request",
+            repository: {
+                host: "dev.azure.com",
+                owner: "services-azure/test-project",
+                name: "repo2",
+                cloneUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2",
+                description: "main",
+                webUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2",
+                defaultBranch: "main",
+            },
+            ref: "develop-2",
+            refType: "branch",
+            revision: "5e6eb73e1f15e40b1d5fce35a16c1f4dee27b56a",
+        });
+    }
+
+    @test public async testBranch() {
+        const result1 = await this.parser.handle(
+            {},
+            this.user,
+            "https://dev.azure.com/services-azure/test-project/_git/repo2?path=%2F&version=GBdevelop-2&_a=contents",
+        );
+        expect(result1).to.deep.include({
+            path: "",
+            isFile: false,
+            title: "test-project/repo2 - develop-2",
+            repository: {
+                host: "dev.azure.com",
+                owner: "services-azure/test-project",
+                name: "repo2",
+                cloneUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2",
+                description: "main",
+                webUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2",
+                defaultBranch: "main",
+            },
+            revision: "5e6eb73e1f15e40b1d5fce35a16c1f4dee27b56a",
+            ref: "develop-2",
+            refType: "branch",
+        });
+
+        const result2 = await this.parser.handle(
+            {},
+            this.user,
+            "https://dev.azure.com/services-azure/test-project/_git/repo2?path=/.gitpod.yml&version=GBdevelop-2&_a=contents",
+        );
+        expect(result2).to.deep.include({
+            path: "",
+            isFile: false,
+            title: "test-project/repo2 - develop-2",
+            repository: {
+                host: "dev.azure.com",
+                owner: "services-azure/test-project",
+                name: "repo2",
+                cloneUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2",
+                description: "main",
+                webUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2",
+                defaultBranch: "main",
+            },
+            revision: "5e6eb73e1f15e40b1d5fce35a16c1f4dee27b56a",
+            ref: "develop-2",
+            refType: "branch",
+        });
+
+        const result3 = await this.parser.handle(
+            {},
+            this.user,
+            "https://dev.azure.com/services-azure/test-project/_git/repo2-fork?path=/src/index.js&version=GBdevelop-2",
+        );
+        expect(result3).to.deep.include({
+            path: "",
+            isFile: false,
+            title: "test-project/repo2-fork - develop-2",
+            repository: {
+                host: "dev.azure.com",
+                owner: "services-azure/test-project",
+                name: "repo2-fork",
+                cloneUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2-fork",
+                description: "main",
+                webUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2-fork",
+                defaultBranch: "main",
+            },
+            revision: "5e6eb73e1f15e40b1d5fce35a16c1f4dee27b56a",
+            ref: "develop-2",
+            refType: "branch",
+        });
+    }
+
+    @test public async testTag() {
+        const result = await this.parser.handle(
+            {},
+            this.user,
+            "https://dev.azure.com/services-azure/test-project/_git/repo2-fork?version=GTv0.0.1",
+        );
+        expect(result).to.deep.include({
+            path: "",
+            isFile: false,
+            title: "test-project/repo2-fork - v0.0.1",
+            repository: {
+                host: "dev.azure.com",
+                owner: "services-azure/test-project",
+                name: "repo2-fork",
+                cloneUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2-fork",
+                description: "main",
+                webUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2-fork",
+                defaultBranch: "main",
+            },
+            revision: "a4b191cb2e90201b65acc13e3cbb841ce1c1b5ef",
+            ref: "v0.0.1",
+            refType: "tag",
+        });
+
+        const result2 = await this.parser.handle(
+            {},
+            this.user,
+            "https://dev.azure.com/services-azure/test-project/_git/repo2-fork?version=GTv0.0.1&path=/.gitpod.yml",
+        );
+        expect(result2).to.deep.include({
+            path: "",
+            isFile: false,
+            title: "test-project/repo2-fork - v0.0.1",
+            repository: {
+                host: "dev.azure.com",
+                owner: "services-azure/test-project",
+                name: "repo2-fork",
+                cloneUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2-fork",
+                description: "main",
+                webUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2-fork",
+                defaultBranch: "main",
+            },
+            revision: "a4b191cb2e90201b65acc13e3cbb841ce1c1b5ef",
+            ref: "v0.0.1",
+            refType: "tag",
+        });
+    }
+
+    @test public async testCommit() {
+        const result = await this.parser.handle(
+            {},
+            this.user,
+            "https://dev.azure.com/services-azure/test-project/_git/repo2-fork/commit/4c47246a2eacd9700aab401902775c248e85aee7",
+        );
+        expect(result).to.deep.include({
+            path: "",
+            ref: "",
+            refType: "revision",
+            revision: "4c47246a2eacd9700aab401902775c248e85aee7",
+            isFile: false,
+            title: "test-project/repo2-fork - Updated .gitpod.yml",
+            owner: "services-azure/test-project",
+            repository: {
+                host: "dev.azure.com",
+                owner: "services-azure/test-project",
+                name: "repo2-fork",
+                cloneUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2-fork",
+                description: "main",
+                webUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2-fork",
+                defaultBranch: "main",
+            },
+        });
+
+        const result2 = await this.parser.handle(
+            {},
+            this.user,
+            "https://dev.azure.com/services-azure/test-project/_git/repo2-fork/commit/4c47246a2eacd9700aab401902775c248e85aee7?refName=refs%2Fheads%2Fdevelop",
+        );
+        expect(result2).to.deep.include({
+            path: "",
+            ref: "",
+            refType: "revision",
+            revision: "4c47246a2eacd9700aab401902775c248e85aee7",
+            isFile: false,
+            title: "test-project/repo2-fork - Updated .gitpod.yml",
+            owner: "services-azure/test-project",
+            repository: {
+                host: "dev.azure.com",
+                owner: "services-azure/test-project",
+                name: "repo2-fork",
+                cloneUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2-fork",
+                description: "main",
+                webUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2-fork",
+                defaultBranch: "main",
+            },
+        });
+
+        const result3 = await this.parser.handle(
+            {},
+            this.user,
+            "https://dev.azure.com/services-azure/test-project/_git/repo2-fork/commit/4c47246a2eacd9700aab401902775c248e85aee7?refName=refs/heads/develop&path=/.gitpod.yml",
+        );
+        expect(result3).to.deep.include({
+            path: "",
+            ref: "",
+            refType: "revision",
+            revision: "4c47246a2eacd9700aab401902775c248e85aee7",
+            isFile: false,
+            title: "test-project/repo2-fork - Updated .gitpod.yml",
+            owner: "services-azure/test-project",
+            repository: {
+                host: "dev.azure.com",
+                owner: "services-azure/test-project",
+                name: "repo2-fork",
+                cloneUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2-fork",
+                description: "main",
+                webUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2-fork",
+                defaultBranch: "main",
+            },
+        });
+    }
+}
+
+module.exports = new TestAzureDevOpsContextParser();
diff --git a/components/server/src/azure-devops/azure-context-parser.ts b/components/server/src/azure-devops/azure-context-parser.ts
new file mode 100644
index 00000000000000..29460eafee3bcb
--- /dev/null
+++ b/components/server/src/azure-devops/azure-context-parser.ts
@@ -0,0 +1,322 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { injectable, inject } from "inversify";
+
+import { AzureDevOpsApi } from "./azure-api";
+import { IContextParser, AbstractContextParser, URLParts } from "../workspace/context-parser";
+import { AzureDevOpsTokenHelper } from "./azure-token-helper";
+import { NavigatorContext, PullRequestContext, User, WorkspaceContext } from "@gitpod/gitpod-protocol";
+import { TraceContext } from "@gitpod/gitpod-protocol/lib/util/tracing";
+import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
+import { NotFoundError, UnauthorizedError } from "../errors";
+import { getOrgAndProject, normalizeBranchName, toBranch, toRepository } from "./azure-converter";
+import { ApplicationError, ErrorCodes } from "@gitpod/gitpod-protocol/lib/messaging/error";
+import { AuthProviderParams } from "../auth/auth-provider";
+import { AzureDevOpsOAuthScopes } from "@gitpod/public-api-common/lib/auth-providers";
+import { RepoURL } from "../repohost";
+import { containsScopes } from "../prebuilds/token-scopes-inclusion";
+
+@injectable()
+export class AzureDevOpsContextParser extends AbstractContextParser implements IContextParser {
+    @inject(AzureDevOpsApi) protected readonly azureDevOpsApi: AzureDevOpsApi;
+    @inject(AzureDevOpsTokenHelper) protected readonly tokenHelper: AzureDevOpsTokenHelper;
+    @inject(AuthProviderParams) readonly config: AuthProviderParams;
+
+    public async handle(ctx: TraceContext, user: User, contextUrl: string): Promise<WorkspaceContext> {
+        const span = TraceContext.startSpan("AzureDevOpsContextParser", ctx);
+        span.setTag("contextUrl", contextUrl);
+
+        try {
+            const {
+                host,
+                owner: orgAndProject,
+                repoName,
+                moreSegments,
+                searchParams,
+            } = await this.parseURL(user, contextUrl);
+            const [azOrganization, azProject] = getOrgAndProject(orgAndProject);
+            if (moreSegments.length > 0) {
+                switch (moreSegments[0]) {
+                    case "pullrequest": {
+                        return await this.handlePullRequestContext(
+                            user,
+                            host,
+                            azOrganization,
+                            azProject,
+                            repoName,
+                            parseInt(moreSegments[1]),
+                        );
+                    }
+                    case "commit": {
+                        return await this.handleCommitContext(
+                            user,
+                            host,
+                            azOrganization,
+                            azProject,
+                            repoName,
+                            moreSegments[1],
+                        );
+                    }
+                }
+            }
+
+            const version = searchParams.get("version");
+            if (version) {
+                if (version.startsWith("GB")) {
+                    return await this.handleBranchContext(
+                        user,
+                        host,
+                        azOrganization,
+                        azProject,
+                        repoName,
+                        version.slice(2),
+                    );
+                }
+                if (version.startsWith("GT")) {
+                    return await this.handleTagContext(
+                        user,
+                        host,
+                        azOrganization,
+                        azProject,
+                        repoName,
+                        version.slice(2),
+                    );
+                }
+            }
+
+            return await this.handleDefaultContext(user, host, azOrganization, azProject, repoName);
+        } catch (error) {
+            if (error && error.statusCode === 401) {
+                const token = await this.tokenHelper.getCurrentToken(user);
+                throw UnauthorizedError.create({
+                    host: this.config.host,
+                    providerType: "AzureDevOps",
+                    requiredScopes: AzureDevOpsOAuthScopes.DEFAULT,
+                    repoName: RepoURL.parseRepoUrl(contextUrl)?.repo,
+                    providerIsConnected: !!token,
+                    isMissingScopes: containsScopes(token?.scopes, AzureDevOpsOAuthScopes.DEFAULT),
+                });
+            }
+            log.debug("AzureDevOps context parser: Failed to parse.", error);
+            throw error;
+        } finally {
+            span.finish();
+        }
+    }
+
+    public async parseURL(user: User, contextUrl: string): Promise<URLParts> {
+        const url = new URL(contextUrl);
+        const pathname = url.pathname.replace(/^\//, "").replace(/\/$/, "");
+        const segments = pathname.split("/").filter((e) => e !== "");
+        const host = this.host;
+        let azOrganization = "";
+        let azProject = "";
+        let repo = "";
+        let moreSegments: string[] = [];
+        if (segments.length === 2) {
+            // https://dev.azure.com/services-azure/empty-project
+            azOrganization = segments[0];
+            azProject = segments[1];
+            repo = azProject;
+        } else if (segments.length === 3 && segments[1] === "_git") {
+            // https://dev.azure.com/services-azure/_git/project2
+            azOrganization = segments[0];
+            azProject = segments[2];
+            repo = azProject;
+            moreSegments = segments.slice(3);
+        } else if (segments.length < 4 || segments[2] !== "_git") {
+            // https://dev.azure.com/services-azure/project2/_git/project2
+            throw new ApplicationError(ErrorCodes.BAD_REQUEST, "Invalid Azure DevOps repository URL");
+        } else {
+            moreSegments = segments.slice(4);
+            azOrganization = segments[0];
+            azProject = segments[1];
+            repo = segments[3];
+        }
+        return {
+            host,
+            owner: `${azOrganization}/${azProject}`,
+            repoName: repo,
+            moreSegments,
+            searchParams: url.searchParams,
+        };
+    }
+
+    // https://dev.azure.com/services-azure/test-project/_git/repo2
+    protected async handleDefaultContext(
+        user: User,
+        host: string,
+        azOrganization: string,
+        azProject: string,
+        repo: string,
+    ): Promise<NavigatorContext> {
+        try {
+            const repository = await this.azureDevOpsApi.getRepository(user, azOrganization, azProject, repo);
+            const result: NavigatorContext = {
+                path: "",
+                isFile: false,
+                title: `${azProject}/${repo}`,
+                repository: toRepository(this.config.host, repository, azOrganization),
+                revision: "",
+            };
+            if (!repository.defaultBranch) {
+                return result;
+            }
+            try {
+                const branchName = normalizeBranchName(repository.defaultBranch);
+                const branch = toBranch(
+                    result.repository,
+                    await this.azureDevOpsApi.getBranch(user, azOrganization, azProject, repo, branchName),
+                );
+                if (!branch) {
+                    return result;
+                }
+                result.revision = branch.commit.sha;
+                result.title = `${result.title} - ${branchName}`;
+                result.ref = branchName;
+                result.refType = "branch";
+                return result;
+            } catch (error) {
+                // TODO(hw): [AZ] specific error handling
+                log.error("Failed to fetch default branch", error);
+                throw error;
+            }
+        } catch (error) {
+            if (UnauthorizedError.is(error)) {
+                throw error;
+            }
+            throw await NotFoundError.create(
+                await this.tokenHelper.getCurrentToken(user),
+                user,
+                host,
+                azProject,
+                repo,
+                error.message,
+            );
+        }
+    }
+
+    // PR
+    // https://dev.azure.com/services-azure/test-project/_git/repo2/pullrequest/1
+    protected async handlePullRequestContext(
+        user: User,
+        host: string,
+        azOrganization: string,
+        azProject: string,
+        repo: string,
+        pr: number,
+    ): Promise<PullRequestContext> {
+        const pullRequest = await this.azureDevOpsApi.getPullRequest(user, azOrganization, azProject, repo, pr);
+        const sourceRepo = toRepository(
+            this.config.host,
+            pullRequest.forkSource?.repository ?? pullRequest.repository!,
+            azOrganization,
+        );
+
+        const targetRepo = toRepository(this.config.host, pullRequest.repository!, azOrganization);
+        const result: PullRequestContext = {
+            nr: pr,
+            base: {
+                repository: targetRepo,
+                ref: normalizeBranchName(pullRequest.targetRefName!),
+                refType: "branch",
+            } as any as PullRequestContext["base"],
+            title: pullRequest.title ?? `${targetRepo.name} #${pr}`,
+            repository: sourceRepo,
+            ref: normalizeBranchName(pullRequest.sourceRefName!),
+            refType: "branch",
+            revision: pullRequest.lastMergeSourceCommit!.commitId!,
+        };
+        return result;
+    }
+
+    // branch: develop-2
+    // https://dev.azure.com/services-azure/test-project/_git/repo2?path=%2F&version=GBdevelop-2&_a=contents
+    // https://dev.azure.com/services-azure/test-project/_git/repo2?path=/.gitpod.yml&version=GBdevelop-2&_a=contents
+    // https://dev.azure.com/services-azure/test-project/_git/repo2-fork?path=/src/index.js&version=GBdevelop-2
+    protected async handleBranchContext(
+        user: User,
+        host: string,
+        azOrganization: string,
+        azProject: string,
+        repo: string,
+        branch: string,
+    ): Promise<NavigatorContext> {
+        const [repository, branchInfo] = await Promise.all([
+            this.azureDevOpsApi.getRepository(user, azOrganization, azProject, repo),
+            this.azureDevOpsApi.getBranch(user, azOrganization, azProject, repo, branch),
+        ]);
+        const result: NavigatorContext = {
+            path: "",
+            ref: branch,
+            refType: "branch",
+            // TODO(hw): [AZ] verify if empty repo will be broken or not
+            revision: branchInfo.commit?.commitId ?? "",
+            isFile: false,
+            title: `${azProject}/${repo} - ${branch}`,
+            repository: toRepository(this.config.host, repository, azOrganization),
+        };
+        return result;
+    }
+
+    // tag: v0.0.1
+    // https://dev.azure.com/services-azure/test-project/_git/repo2-fork?version=GTv0.0.1
+    // https://dev.azure.com/services-azure/test-project/_git/repo2-fork?version=GTv0.0.1&path=/.gitpod.yml
+    protected async handleTagContext(
+        user: User,
+        host: string,
+        azOrganization: string,
+        azProject: string,
+        repo: string,
+        tag: string,
+    ): Promise<NavigatorContext> {
+        const [repository, tagCommit] = await Promise.all([
+            this.azureDevOpsApi.getRepository(user, azOrganization, azProject, repo),
+            this.azureDevOpsApi.getTagCommit(user, azOrganization, azProject, repo, tag),
+        ]);
+        const result: NavigatorContext = {
+            path: "",
+            ref: tag,
+            refType: "tag",
+            revision: tagCommit.commitId!,
+            isFile: false,
+            title: `${azProject}/${repo} - ${tag}`,
+            repository: toRepository(this.config.host, repository, azOrganization),
+        };
+        return result;
+    }
+
+    // commit
+    // https://dev.azure.com/services-azure/test-project/_git/repo2-fork/commit/4c47246a2eacd9700aab401902775c248e85aee7
+    // https://dev.azure.com/services-azure/test-project/_git/repo2-fork/commit/4c47246a2eacd9700aab401902775c248e85aee7?refName=refs%2Fheads%2Fdevelop
+    // https://dev.azure.com/services-azure/test-project/_git/repo2-fork/commit/4c47246a2eacd9700aab401902775c248e85aee7?refName=refs/heads/develop&path=/.gitpod.yml
+    protected async handleCommitContext(
+        user: User,
+        host: string,
+        azOrganization: string,
+        azProject: string,
+        repo: string,
+        commit: string,
+    ): Promise<NavigatorContext> {
+        const [repoInfo, commitInfo] = await Promise.all([
+            this.azureDevOpsApi.getRepository(user, azOrganization, azProject, repo),
+            this.azureDevOpsApi.getCommit(user, azOrganization, azProject, repo, commit),
+        ]);
+        const result: NavigatorContext = {
+            path: "",
+            ref: "",
+            refType: "revision",
+            revision: commitInfo.commitId!,
+            isFile: false,
+            title: `${azProject}/${repo} - ${commitInfo.comment}`,
+            // @ts-ignore
+            owner: `${azOrganization}/${azProject}`,
+            repository: toRepository(this.config.host, repoInfo, azOrganization),
+        };
+        return result;
+    }
+}
diff --git a/components/server/src/azure-devops/azure-converter.ts b/components/server/src/azure-devops/azure-converter.ts
new file mode 100644
index 00000000000000..7a5b3875512d58
--- /dev/null
+++ b/components/server/src/azure-devops/azure-converter.ts
@@ -0,0 +1,73 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { Branch, CommitInfo, Repository } from "@gitpod/gitpod-protocol";
+import { ApplicationError, ErrorCodes } from "@gitpod/gitpod-protocol/lib/messaging/error";
+import { GitBranchStats, GitCommitRef } from "azure-devops-node-api/interfaces/GitInterfaces";
+import { GitRepository } from "azure-devops-node-api/interfaces/TfvcInterfaces";
+
+export function toRepository(host: string, d: GitRepository, azOrgId?: string): Repository {
+    const azOrg = azOrgId ?? d.webUrl?.replace("https://dev.azure.com/", "").split("/").pop();
+    const azProject = d.project?.name;
+    if (!azOrg || !azProject) {
+        throw new ApplicationError(ErrorCodes.BAD_REQUEST, "Invalid repository owner");
+    }
+    if (!d.name) {
+        throw new ApplicationError(ErrorCodes.BAD_REQUEST, "Invalid repository name");
+    }
+    const owner = `${azOrg}/${azProject}`;
+    const branchName = normalizeBranchName(d.defaultBranch);
+    const name = d.name;
+    return {
+        host,
+        owner,
+        name,
+        cloneUrl: d.webUrl!,
+        description: branchName,
+        webUrl: d.webUrl,
+        defaultBranch: branchName,
+    };
+}
+
+export function normalizeBranchName(ref: string | undefined): string {
+    return ref?.replace("refs/heads/", "") ?? "main";
+}
+
+export function getOrgAndProject(orgAndProject: Repository["owner"]) {
+    const parts = orgAndProject.split("/");
+    if (parts.length < 2) {
+        throw new ApplicationError(ErrorCodes.BAD_REQUEST, `Invalid owner format`);
+    }
+    const [azOrg, azProject] = parts;
+    return [azOrg, azProject] as const;
+}
+
+export function toBranch(repo: Repository, d: GitBranchStats): Branch | undefined {
+    if (!d.commit) {
+        return;
+    }
+    const commit = toCommit(d.commit);
+    if (!commit) {
+        return;
+    }
+    const url = new URL(repo.cloneUrl);
+    url.searchParams.set("version", `GB${d.name}`);
+    return {
+        htmlUrl: url.toString(),
+        name: d.name!,
+        commit,
+    };
+}
+
+export function toCommit(d: GitCommitRef): CommitInfo | undefined {
+    return {
+        sha: d.commitId!,
+        author: d.author?.name || "unknown",
+        authorAvatarUrl: d.author?.imageUrl ?? "",
+        authorDate: d.author?.date?.toISOString(),
+        commitMessage: d.comment || "missing commit message",
+    };
+}
diff --git a/components/server/src/azure-devops/azure-file-provider.spec.ts b/components/server/src/azure-devops/azure-file-provider.spec.ts
new file mode 100644
index 00000000000000..be3593133e6476
--- /dev/null
+++ b/components/server/src/azure-devops/azure-file-provider.spec.ts
@@ -0,0 +1,79 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { User } from "@gitpod/gitpod-protocol";
+import { ifEnvVarNotSet } from "@gitpod/gitpod-protocol/lib/util/skip-if";
+import { expect } from "chai";
+import { Container } from "inversify";
+import { suite, test, timeout, skip } from "@testdeck/mocha";
+import { DevData, DevTestHelper } from "../dev/dev-data";
+import { AzureDevOpsFileProvider } from "./azure-file-provider";
+
+DevTestHelper.echoAzureTestTips();
+
+@suite(timeout(10000), skip(ifEnvVarNotSet(DevTestHelper.AzureTestEnv)))
+class TestAzureDevOpsFileProvider {
+    protected fileProvider: AzureDevOpsFileProvider;
+    protected user: User;
+    protected container: Container;
+
+    public before() {
+        this.container = DevTestHelper.createAzureSCMContainer();
+        this.fileProvider = this.container.get(AzureDevOpsFileProvider);
+        this.user = DevData.createTestUser();
+    }
+
+    @test public async testFileContent() {
+        const result = await this.fileProvider.getFileContent(
+            {
+                repository: {
+                    host: "dev.azure.com",
+                    owner: "services-azure/test-project",
+                    name: "repo2",
+                    cloneUrl: "https://services-azure@dev.azure.com/services-azure/test-project/_git/repo2",
+                    description: "main",
+                    webUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2",
+                    defaultBranch: "main",
+                },
+                revision: "288dba56ce090ada9ee9338d016eb09a853fb49c",
+                ref: "main",
+                refType: "branch",
+            },
+            this.user,
+            ".gitpod.yml",
+        );
+        expect(result).to.equal(`tasks:
+  - name: task 1
+    command: echo hello
+  - name: task 2
+    init: echo 'task 1 - init'
+    command: echo 'task 2 - command'`);
+    }
+
+    @test public async testFileContentNotFound() {
+        const result = await this.fileProvider.getFileContent(
+            {
+                repository: {
+                    host: "dev.azure.com",
+                    owner: "services-azure/test-project",
+                    name: "repo2",
+                    cloneUrl: "https://services-azure@dev.azure.com/services-azure/test-project/_git/repo2",
+                    description: "main",
+                    webUrl: "https://dev.azure.com/services-azure/test-project/_git/repo2",
+                    defaultBranch: "main",
+                },
+                revision: "288dba56ce090ada9ee9338d016eb09a853fb49c",
+                ref: "main",
+                refType: "branch",
+            },
+            this.user,
+            "not_found.txt",
+        );
+        expect(result).to.equal(undefined);
+    }
+}
+
+module.exports = new TestAzureDevOpsFileProvider();
diff --git a/components/server/src/azure-devops/azure-file-provider.ts b/components/server/src/azure-devops/azure-file-provider.ts
new file mode 100644
index 00000000000000..18da3679287518
--- /dev/null
+++ b/components/server/src/azure-devops/azure-file-provider.ts
@@ -0,0 +1,86 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { injectable, inject } from "inversify";
+
+import { FileProvider, MaybeContent } from "../repohost/file-provider";
+import { Commit, User, Repository } from "@gitpod/gitpod-protocol";
+import { AzureDevOpsApi } from "./azure-api";
+import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
+import { getOrgAndProject } from "./azure-converter";
+
+@injectable()
+export class AzureDevOpsFileProvider implements FileProvider {
+    @inject(AzureDevOpsApi) protected readonly azureDevOpsApi: AzureDevOpsApi;
+
+    public async getGitpodFileContent(commit: Commit, user: User): Promise<MaybeContent> {
+        const [azOrgId, azProject] = getOrgAndProject(commit.repository.owner);
+        const repoName = commit.repository.name;
+        const yamlVersion1 = await Promise.all([
+            this.azureDevOpsApi.getFileContent(user, azOrgId, azProject, repoName, commit, ".gitpod.yml"),
+            this.azureDevOpsApi.getFileContent(user, azOrgId, azProject, repoName, commit, ".gitpod"),
+        ]);
+        return yamlVersion1.filter((f) => !!f)[0];
+    }
+
+    public async getLastChangeRevision(
+        repository: Repository,
+        revisionOrBranch: string,
+        user: User,
+        path: string,
+    ): Promise<string> {
+        const [azOrgId, azProject] = getOrgAndProject(repository.owner);
+        const repoName = repository.name;
+        const results = await Promise.allSettled([
+            this.azureDevOpsApi.getCommits(user, azOrgId, azProject, repoName, {
+                filterCommit: {
+                    revision: revisionOrBranch,
+                    refType: "revision",
+                },
+                $top: 1,
+                itemPath: path,
+            }),
+            this.azureDevOpsApi.getCommits(user, azOrgId, azProject, repoName, {
+                filterCommit: {
+                    revision: "",
+                    ref: revisionOrBranch,
+                    refType: "tag",
+                },
+                $top: 1,
+                itemPath: path,
+            }),
+            this.azureDevOpsApi.getCommits(user, azOrgId, azProject, repoName, {
+                filterCommit: {
+                    revision: "",
+                    ref: revisionOrBranch,
+                    refType: "branch",
+                },
+                $top: 1,
+                itemPath: path,
+            }),
+        ]);
+        for (const result of results) {
+            if (result.status === "rejected") {
+                continue;
+            }
+            if (result.value && result.value.length > 0 && result.value[0].commitId) {
+                return result.value[0].commitId;
+            }
+        }
+        // TODO(hw): [AZ] proper handle error
+        throw new Error(`File ${path} does not exist in repository ${repository.owner}/${repository.name}`);
+    }
+
+    public async getFileContent(commit: Commit, user: User, path: string): Promise<MaybeContent> {
+        try {
+            const [azOrgId, azProject] = getOrgAndProject(commit.repository.owner);
+            const repoName = commit.repository.name;
+            return await this.azureDevOpsApi.getFileContent(user, azOrgId, azProject, repoName, commit, path);
+        } catch (error) {
+            log.debug(error);
+        }
+    }
+}
diff --git a/components/server/src/azure-devops/azure-repository-provider.spec.ts b/components/server/src/azure-devops/azure-repository-provider.spec.ts
new file mode 100644
index 00000000000000..6fedb8ce086ef7
--- /dev/null
+++ b/components/server/src/azure-devops/azure-repository-provider.spec.ts
@@ -0,0 +1,44 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { User } from "@gitpod/gitpod-protocol";
+import { ifEnvVarNotSet } from "@gitpod/gitpod-protocol/lib/util/skip-if";
+import { expect } from "chai";
+import { suite, test, timeout, skip } from "@testdeck/mocha";
+import { DevData, DevTestHelper } from "../dev/dev-data";
+import { AzureDevOpsRepositoryProvider } from "./azure-repository-provider";
+
+DevTestHelper.echoAzureTestTips();
+
+@suite(timeout(10000), skip(ifEnvVarNotSet(DevTestHelper.AzureTestEnv)))
+class TestAzureDevOpsRepositoryProvider {
+    protected repositoryProvider: AzureDevOpsRepositoryProvider;
+    protected user: User;
+
+    public before() {
+        const container = DevTestHelper.createAzureSCMContainer();
+        this.repositoryProvider = container.get(AzureDevOpsRepositoryProvider);
+        this.user = DevData.createTestUser();
+    }
+
+    @test public async testFetchCommitHistory() {
+        const result = await this.repositoryProvider.getCommitHistory(
+            this.user,
+            "services-azure/test-project",
+            "repo2-fork",
+            "dafbf184f68e7ee4dc6d1174d962cab84b605eb2",
+            100,
+        );
+        expect(result).to.deep.equal([
+            "a4b191cb2e90201b65acc13e3cbb841ce1c1b5ef",
+            "5107e928e0970c5f04b32e110d0cf8e147fcc596",
+            "05f492e633098e4348468c97940cc68dcd566403",
+            "6e18c86b251982d5a289a362ce9eb5a270932b60",
+        ]);
+    }
+}
+
+module.exports = new TestAzureDevOpsRepositoryProvider();
diff --git a/components/server/src/azure-devops/azure-repository-provider.ts b/components/server/src/azure-devops/azure-repository-provider.ts
new file mode 100644
index 00000000000000..22a154b17a44bb
--- /dev/null
+++ b/components/server/src/azure-devops/azure-repository-provider.ts
@@ -0,0 +1,103 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { injectable, inject } from "inversify";
+
+import { User, Repository, Branch, CommitInfo, RepositoryInfo } from "@gitpod/gitpod-protocol";
+import { AzureDevOpsApi } from "./azure-api";
+import { RepositoryProvider } from "../repohost/repository-provider";
+
+import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
+import { getOrgAndProject, toBranch, toCommit, toRepository } from "./azure-converter";
+import { AuthProviderParams } from "../auth/auth-provider";
+
+@injectable()
+export class AzureDevOpsRepositoryProvider implements RepositoryProvider {
+    @inject(AuthProviderParams) readonly config: AuthProviderParams;
+    @inject(AzureDevOpsApi) protected readonly azureDevOpsApi: AzureDevOpsApi;
+
+    async getRepo(user: User, owner: string, name: string): Promise<Repository> {
+        const [azOrg, azProject] = getOrgAndProject(owner);
+        const resp = await this.azureDevOpsApi.getRepository(user, azOrg, azProject, name);
+        return toRepository(this.config.host, resp, owner);
+    }
+
+    async getBranch(user: User, owner: string, repo: string, branch: string): Promise<Branch> {
+        const [azOrg, azProject] = getOrgAndProject(owner);
+        const [repository, branchResp] = await Promise.all([
+            await this.getRepo(user, owner, repo),
+            await this.azureDevOpsApi.getBranch(user, azOrg, azProject, repo, branch),
+        ]);
+        const item = toBranch(repository, branchResp);
+        if (!item) {
+            // TODO(hw): [AZ]
+            throw new Error("Failed to fetch commit.");
+        }
+        return item;
+    }
+
+    async getBranches(user: User, owner: string, repo: string): Promise<Branch[]> {
+        const branches: Branch[] = [];
+        const [azOrg, azProject] = getOrgAndProject(owner);
+        const [repository, response] = await Promise.all([
+            await this.getRepo(user, owner, repo),
+            await this.azureDevOpsApi.getBranches(user, azOrg, azProject, repo),
+        ]);
+        for (const b of response) {
+            const item = toBranch(repository, b);
+            if (!item) {
+                continue;
+            }
+            branches.push(item);
+        }
+        return branches;
+    }
+
+    async getCommitInfo(user: User, owner: string, repo: string, ref: string): Promise<CommitInfo | undefined> {
+        const [azOrg, azProject] = getOrgAndProject(owner);
+        const response = await this.azureDevOpsApi.getCommit(user, azOrg, azProject, repo, ref);
+        return toCommit(response);
+    }
+
+    async getUserRepos(user: User): Promise<RepositoryInfo[]> {
+        // FIXME(hw): Not implemented yet
+        return [];
+    }
+
+    async hasReadAccess(user: User, owner: string, repo: string): Promise<boolean> {
+        try {
+            const [azOrg, azProject] = getOrgAndProject(owner);
+            const response = await this.azureDevOpsApi.getRepository(user, azOrg, azProject, repo);
+            return !!response.id;
+        } catch (err) {
+            log.warn({ userId: user.id }, "hasReadAccess error", err, { owner, repo });
+            return false;
+        }
+    }
+
+    public async getCommitHistory(
+        user: User,
+        owner: string,
+        repo: string,
+        revision: string,
+        maxDepth: number = 100,
+    ): Promise<string[]> {
+        const [azOrg, azProject] = getOrgAndProject(owner);
+        const result = await this.azureDevOpsApi.getCommits(user, azOrg, azProject, repo, {
+            filterCommit: revision ? { revision, refType: "revision" } : undefined,
+            $top: maxDepth,
+        });
+        return result
+            .slice(1)
+            .map((c) => c.commitId)
+            .filter((c) => !!c) as string[];
+    }
+
+    public async searchRepos(user: User, searchString: string, limit: number): Promise<RepositoryInfo[]> {
+        // Not supported yet, see ENT-780
+        return [];
+    }
+}
diff --git a/components/server/src/azure-devops/azure-token-helper.ts b/components/server/src/azure-devops/azure-token-helper.ts
new file mode 100644
index 00000000000000..4a97fc8caa67ab
--- /dev/null
+++ b/components/server/src/azure-devops/azure-token-helper.ts
@@ -0,0 +1,57 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { User, Token } from "@gitpod/gitpod-protocol";
+import { UnauthorizedError } from "../errors";
+import { AuthProviderParams } from "../auth/auth-provider";
+import { injectable, inject } from "inversify";
+import { TokenProvider } from "../user/token-provider";
+import { AzureDevOpsOAuthScopes } from "@gitpod/public-api-common/lib/auth-providers";
+
+@injectable()
+export class AzureDevOpsTokenHelper {
+    @inject(AuthProviderParams) readonly config: AuthProviderParams;
+    @inject(TokenProvider) protected readonly tokenProvider: TokenProvider;
+
+    async getCurrentToken(user: User) {
+        try {
+            return await this.getTokenWithScopes(user, [
+                /* any scopes */
+            ]);
+        } catch {
+            // no token
+        }
+    }
+
+    async getTokenWithScopes(user: User, requiredScopes: string[]) {
+        const { host } = this.config;
+        try {
+            const token = await this.tokenProvider.getTokenForHost(user, host);
+            if (token && this.containsScopes(token, requiredScopes)) {
+                return token;
+            }
+        } catch (e) {
+            console.error(e);
+        }
+
+        if (requiredScopes.length === 0) {
+            requiredScopes = AzureDevOpsOAuthScopes.DEFAULT;
+        }
+        throw UnauthorizedError.create({
+            host,
+            providerType: "AzureDevOps",
+            requiredScopes: AzureDevOpsOAuthScopes.DEFAULT,
+            providerIsConnected: false,
+            isMissingScopes: true,
+        });
+    }
+
+    protected containsScopes(token: Token, wantedScopes: string[] | undefined): boolean {
+        const set = new Set(wantedScopes);
+        token.scopes.forEach((s) => set.delete(s));
+        return set.size === 0;
+    }
+}
diff --git a/components/server/src/azure-devops/azure-token-validator.ts b/components/server/src/azure-devops/azure-token-validator.ts
new file mode 100644
index 00000000000000..fadf2ae6703775
--- /dev/null
+++ b/components/server/src/azure-devops/azure-token-validator.ts
@@ -0,0 +1,42 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { injectable, inject } from "inversify";
+import { CheckWriteAccessResult, IGitTokenValidator, IGitTokenValidatorParams } from "../workspace/git-token-validator";
+import { AzureDevOpsApi } from "./azure-api";
+import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
+import { getOrgAndProject } from "./azure-converter";
+
+@injectable()
+export class AzureDevOpsTokenValidator implements IGitTokenValidator {
+    @inject(AzureDevOpsApi) protected readonly azureDevOpsApi: AzureDevOpsApi;
+
+    async checkWriteAccess(params: IGitTokenValidatorParams): Promise<CheckWriteAccessResult> {
+        let found = false;
+        let isPrivateRepo: boolean | undefined;
+        let writeAccessToRepo: boolean | undefined = false;
+        try {
+            const [azOrg, azProject] = getOrgAndProject(params.owner);
+            await this.azureDevOpsApi.getRepository(params.token, azOrg, azProject, params.repo);
+            // once repository is found, we know the token is valid
+            found = true;
+            // we don't know if the repository is private or public from API
+            isPrivateRepo = true;
+            // there's no API to check if the token has write access to the repository
+            // we required vso.code_write scope, so default should be true
+            writeAccessToRepo = true;
+        } catch (error) {
+            log.error(error);
+        }
+        return {
+            found,
+            isPrivateRepo,
+            writeAccessToRepo,
+            mayWritePrivate: true,
+            mayWritePublic: true,
+        };
+    }
+}
diff --git a/components/server/src/azure-devops/azure-urls.ts b/components/server/src/azure-devops/azure-urls.ts
new file mode 100644
index 00000000000000..0675d4427b00cc
--- /dev/null
+++ b/components/server/src/azure-devops/azure-urls.ts
@@ -0,0 +1,15 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { AuthProviderEntry } from "@gitpod/gitpod-protocol";
+
+export function oauthUrls(customConfig: Required<AuthProviderEntry.OAuth2CustomConfig>) {
+    return {
+        authorizationUrl: customConfig.authorizationUrl,
+        tokenUrl: customConfig.tokenUrl,
+        settingsUrl: "",
+    };
+}
diff --git a/components/server/src/dev/dev-data.ts b/components/server/src/dev/dev-data.ts
index 271b94684d6b37..b8463e43544958 100644
--- a/components/server/src/dev/dev-data.ts
+++ b/components/server/src/dev/dev-data.ts
@@ -5,7 +5,21 @@
  */
 
 import { IssueContext, User, PullRequestContext, Repository, Token } from "@gitpod/gitpod-protocol";
-import { GitHubOAuthScopes, GitLabOAuthScopes } from "@gitpod/public-api-common/lib/auth-providers";
+import {
+    GitHubOAuthScopes,
+    GitLabOAuthScopes,
+    AzureDevOpsOAuthScopes,
+} from "@gitpod/public-api-common/lib/auth-providers";
+import { AzureDevOpsContextParser } from "../azure-devops/azure-context-parser";
+import { AzureDevOpsApi } from "../azure-devops/azure-api";
+import { AuthProviderParams } from "../auth/auth-provider";
+import { AzureDevOpsTokenHelper } from "../azure-devops/azure-token-helper";
+import { TokenProvider } from "../user/token-provider";
+import { HostContextProvider } from "../auth/host-context-provider";
+import { Container, ContainerModule } from "inversify";
+import { AzureDevOpsFileProvider } from "../azure-devops/azure-file-provider";
+import { AzureDevOpsRepositoryProvider } from "../azure-devops/azure-repository-provider";
+import { Config } from "../config";
 
 export namespace DevData {
     export function createTestUser(): User {
@@ -38,6 +52,11 @@ export namespace DevData {
     }
 
     export function createGitHubTestToken(): Token {
+        if (!process.env.GITPOD_TEST_TOKEN_GITHUB) {
+            console.error(
+                `GITPOD_TEST_TOKEN_GITHUB env var is not set\n\n\t export GITPOD_TEST_TOKEN_GITHUB='{"username": "gitpod-test", "token": $AZURE_TOKEN}'`,
+            );
+        }
         return {
             ...getTokenFromEnv("GITPOD_TEST_TOKEN_GITHUB"),
             scopes: [GitHubOAuthScopes.EMAIL, GitHubOAuthScopes.PUBLIC, GitHubOAuthScopes.PRIVATE],
@@ -64,6 +83,13 @@ export namespace DevData {
         };
     }
 
+    export function createAzureDevOpsTestToken(): Token {
+        return {
+            ...getTokenFromEnv("GITPOD_TEST_TOKEN_AZURE_DEVOPS"),
+            scopes: [...AzureDevOpsOAuthScopes.DEFAULT],
+        };
+    }
+
     export function createBitbucketTestToken(): Token {
         const result = {
             ...getTokenFromEnv("GITPOD_TEST_TOKEN_BITBUCKET"),
@@ -116,3 +142,41 @@ export namespace DevData {
         };
     }
 }
+
+export namespace DevTestHelper {
+    export const AzureTestEnv = "GITPOD_TEST_TOKEN_AZURE_DEVOPS";
+    export function echoAzureTestTips() {
+        if (!process.env[AzureTestEnv]) {
+            console.warn(
+                `No Azure DevOps test token set. Skipping Azure DevOps tests.\n\t export AZURE_TOKEN=<your-token>\nexport ${AzureTestEnv}='{"value": "'$AZURE_TOKEN'"}'`,
+            );
+        }
+    }
+    export function createAzureSCMContainer() {
+        const container = new Container();
+        const AUTH_HOST_CONFIG: Partial<AuthProviderParams> = {
+            id: "0000-Azure-DevOps",
+            type: "AzureDevOps",
+            verified: true,
+            description: "",
+            icon: "",
+            host: "dev.azure.com",
+        };
+        container.load(
+            new ContainerModule((bind, unbind, isBound, rebind) => {
+                bind(Config).toConstantValue({});
+                bind(AzureDevOpsContextParser).toSelf().inSingletonScope();
+                bind(AzureDevOpsApi).toSelf().inSingletonScope();
+                bind(AuthProviderParams).toConstantValue(AUTH_HOST_CONFIG);
+                bind(AzureDevOpsTokenHelper).toSelf().inSingletonScope();
+                bind(TokenProvider).toConstantValue(<TokenProvider>{
+                    getTokenForHost: async () => DevData.createAzureDevOpsTestToken(),
+                });
+                bind(HostContextProvider).toConstantValue(DevData.createDummyHostContextProvider());
+                bind(AzureDevOpsFileProvider).toSelf().inSingletonScope();
+                bind(AzureDevOpsRepositoryProvider).toSelf().inSingletonScope();
+            }),
+        );
+        return container;
+    }
+}
diff --git a/components/server/src/repohost/repo-url.spec.ts b/components/server/src/repohost/repo-url.spec.ts
index 9b28b06b63f2ba..484257283bdcf4 100644
--- a/components/server/src/repohost/repo-url.spec.ts
+++ b/components/server/src/repohost/repo-url.spec.ts
@@ -82,6 +82,17 @@ export class RepoUrlTest {
             repo: "repoName",
         });
     }
+
+    @test public parseAzureScmUrl() {
+        const testUrl = RepoURL.parseRepoUrl(
+            "https://services-azure@dev.azure.com/services-azure/open-to-edit-project/_git/repo2.kai.klasen.git",
+        );
+        expect(testUrl).to.deep.include({
+            host: "dev.azure.com",
+            owner: "services-azure/open-to-edit-project",
+            repo: "repo2.kai.klasen",
+        });
+    }
 }
 
 module.exports = new RepoUrlTest();
diff --git a/components/server/src/repohost/repo-url.ts b/components/server/src/repohost/repo-url.ts
index 500287dee974ba..5475b5e959d0bf 100644
--- a/components/server/src/repohost/repo-url.ts
+++ b/components/server/src/repohost/repo-url.ts
@@ -32,6 +32,10 @@ export namespace RepoURL {
                 repoKind = "users";
                 owner = owner.substring(1);
             }
+            // Azure DevOps
+            if (owner.endsWith("/_git")) {
+                owner = owner.slice(0, -5);
+            }
             const repo = endSegment.endsWith(".git") ? endSegment.slice(0, -4) : endSegment;
             return { host, owner, repo, repoKind };
         }
diff --git a/yarn.lock b/yarn.lock
index 371165eed2369c..c6a52058d73d43 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -4963,6 +4963,14 @@ axobject-query@^3.1.1:
   dependencies:
     dequal "^2.0.3"
 
+azure-devops-node-api@^14.0.2:
+  version "14.0.2"
+  resolved "https://registry.yarnpkg.com/azure-devops-node-api/-/azure-devops-node-api-14.0.2.tgz#8370a7e4af741b59a8f264ae1ccf28aaf8fb2e34"
+  integrity sha512-TwjAEnWnOSZ2oypkDyqppgvJw43qArEfPiJtEWLL3NBgdvAuOuB0xgFz/Eiz4H6Dk0Yv52wCodZxtZvAMhJXwQ==
+  dependencies:
+    tunnel "0.0.6"
+    typed-rest-client "^2.0.1"
+
 babel-jest@^27.4.2, babel-jest@^27.5.1:
   version "27.5.1"
   resolved "https://registry.yarnpkg.com/babel-jest/-/babel-jest-27.5.1.tgz#a1bf8d61928edfefd21da27eb86a695bfd691444"
@@ -5465,6 +5473,17 @@ call-bind@^1.0.0, call-bind@^1.0.2:
     function-bind "^1.1.1"
     get-intrinsic "^1.0.2"
 
+call-bind@^1.0.7:
+  version "1.0.7"
+  resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.7.tgz#06016599c40c56498c18769d2730be242b6fa3b9"
+  integrity sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==
+  dependencies:
+    es-define-property "^1.0.0"
+    es-errors "^1.3.0"
+    function-bind "^1.1.2"
+    get-intrinsic "^1.2.4"
+    set-function-length "^1.2.1"
+
 callsites@^3.0.0:
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/callsites/-/callsites-3.1.0.tgz#b3630abd8943432f54b3f0519238e33cd7df2f73"
@@ -6550,6 +6569,15 @@ default-gateway@^6.0.3:
   dependencies:
     execa "^5.0.0"
 
+define-data-property@^1.1.4:
+  version "1.1.4"
+  resolved "https://registry.yarnpkg.com/define-data-property/-/define-data-property-1.1.4.tgz#894dc141bb7d3060ae4366f6a0107e68fbe48c5e"
+  integrity sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==
+  dependencies:
+    es-define-property "^1.0.0"
+    es-errors "^1.3.0"
+    gopd "^1.0.1"
+
 define-lazy-prop@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz#3f7ae421129bcaaac9bc74905c98a0009ec9ee7f"
@@ -6618,6 +6646,14 @@ des.js@^1.0.0:
     inherits "^2.0.1"
     minimalistic-assert "^1.0.0"
 
+des.js@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/des.js/-/des.js-1.1.0.tgz#1d37f5766f3bbff4ee9638e871a8768c173b81da"
+  integrity sha512-r17GxjhUCjSRy8aiJpr8/UadFIzMzJGexI3Nmz4ADi9LYSFx4gTBp80+NaX/YsXWWLhpZ7v/v/ubEc/bCNfKwg==
+  dependencies:
+    inherits "^2.0.1"
+    minimalistic-assert "^1.0.0"
+
 destroy@~1.0.4:
   version "1.0.4"
   resolved "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz"
@@ -7093,6 +7129,18 @@ es-abstract@^1.20.4, es-abstract@^1.21.2, es-abstract@^1.21.3:
     unbox-primitive "^1.0.2"
     which-typed-array "^1.1.10"
 
+es-define-property@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/es-define-property/-/es-define-property-1.0.0.tgz#c7faefbdff8b2696cf5f46921edfb77cc4ba3845"
+  integrity sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==
+  dependencies:
+    get-intrinsic "^1.2.4"
+
+es-errors@^1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/es-errors/-/es-errors-1.3.0.tgz#05f75a25dab98e4fb1dcd5e1472c0546d5057c8f"
+  integrity sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==
+
 es-get-iterator@^1.1.1, es-get-iterator@^1.1.2:
   version "1.1.2"
   resolved "https://registry.npmjs.org/es-get-iterator/-/es-get-iterator-1.1.2.tgz"
@@ -8160,6 +8208,11 @@ function-bind@^1.1.1:
   resolved "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz"
   integrity sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==
 
+function-bind@^1.1.2:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.2.tgz#2c02d864d97f3ea6c8830c464cbd11ab6eab7a1c"
+  integrity sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==
+
 function.prototype.name@^1.1.4, function.prototype.name@^1.1.5:
   version "1.1.5"
   resolved "https://registry.npmjs.org/function.prototype.name/-/function.prototype.name-1.1.5.tgz"
@@ -8284,6 +8337,17 @@ get-intrinsic@^1.1.3, get-intrinsic@^1.2.0, get-intrinsic@^1.2.1:
     has-proto "^1.0.1"
     has-symbols "^1.0.3"
 
+get-intrinsic@^1.2.4:
+  version "1.2.4"
+  resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.2.4.tgz#e385f5a4b5227d449c3eabbad05494ef0abbeadd"
+  integrity sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==
+  dependencies:
+    es-errors "^1.3.0"
+    function-bind "^1.1.2"
+    has-proto "^1.0.1"
+    has-symbols "^1.0.3"
+    hasown "^2.0.0"
+
 get-nonce@^1.0.0:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/get-nonce/-/get-nonce-1.0.1.tgz#fdf3f0278073820d2ce9426c18f07481b1e0cdf3"
@@ -8641,6 +8705,13 @@ has-property-descriptors@^1.0.0:
   dependencies:
     get-intrinsic "^1.1.1"
 
+has-property-descriptors@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz#963ed7d071dc7bf5f084c5bfbe0d1b6222586854"
+  integrity sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==
+  dependencies:
+    es-define-property "^1.0.0"
+
 has-proto@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/has-proto/-/has-proto-1.0.1.tgz#1885c1305538958aff469fef37937c22795408e0"
@@ -8692,6 +8763,13 @@ hash.js@^1.0.0, hash.js@^1.0.3:
     inherits "^2.0.3"
     minimalistic-assert "^1.0.1"
 
+hasown@^2.0.0:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.2.tgz#003eaf91be7adc372e84ec59dc37252cedb80003"
+  integrity sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==
+  dependencies:
+    function-bind "^1.1.2"
+
 he@1.2.0, he@^1.2.0:
   version "1.2.0"
   resolved "https://registry.npmjs.org/he/-/he-1.2.0.tgz"
@@ -10157,6 +10235,11 @@ js-cookie@^3.0.1:
   resolved "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.1.tgz"
   integrity sha512-+0rgsUXZu4ncpPxRL+lNEptWMOWl9etvPHc/koSRp6MPwpRYAhmk0dUG00J4bxVV3r9uUzfo24wW0knS07SKSw==
 
+js-md4@^0.3.2:
+  version "0.3.2"
+  resolved "https://registry.yarnpkg.com/js-md4/-/js-md4-0.3.2.tgz#cd3b3dc045b0c404556c81ddb5756c23e59d7cf5"
+  integrity sha512-/GDnfQYsltsjRswQhN9fhv3EMw2sCpUdrdxyWDOUK7eyD++r3gRhzgiQgc/x4MAv2i1iuQ4lxO5mvqM3vj4bwA==
+
 "js-tokens@^3.0.0 || ^4.0.0", js-tokens@^4.0.0:
   version "4.0.0"
   resolved "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz"
@@ -11308,6 +11391,11 @@ object-inspect@^1.12.3:
   resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.12.3.tgz#ba62dffd67ee256c8c086dfae69e016cd1f198b9"
   integrity sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==
 
+object-inspect@^1.13.1:
+  version "1.13.2"
+  resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.13.2.tgz#dea0088467fb991e67af4058147a24824a3043ff"
+  integrity sha512-IRZSRuzJiynemAXPYtPe5BoI/RESNYR7TYm50MC5Mqbd3Jmw5y790sErYw3V6SryFJD64b74qQQs9wn5Bg/k3g==
+
 object-is@^1.1.4:
   version "1.1.5"
   resolved "https://registry.npmjs.org/object-is/-/object-is-1.1.5.tgz"
@@ -12830,6 +12918,13 @@ qs@6.9.7:
   resolved "https://registry.npmjs.org/qs/-/qs-6.9.7.tgz"
   integrity sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw==
 
+qs@^6.10.3:
+  version "6.13.0"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.13.0.tgz#6ca3bd58439f7e245655798997787b0d88a51906"
+  integrity sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==
+  dependencies:
+    side-channel "^1.0.6"
+
 qs@^6.11.0, qs@^6.11.2, qs@^6.9.4:
   version "6.11.2"
   resolved "https://registry.yarnpkg.com/qs/-/qs-6.11.2.tgz#64bea51f12c1f5da1bc01496f48ffcff7c69d7d9"
@@ -13906,6 +14001,18 @@ set-blocking@^2.0.0:
   resolved "https://registry.yarnpkg.com/set-blocking/-/set-blocking-2.0.0.tgz#045f9782d011ae9a6803ddd382b24392b3d890f7"
   integrity sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==
 
+set-function-length@^1.2.1:
+  version "1.2.2"
+  resolved "https://registry.yarnpkg.com/set-function-length/-/set-function-length-1.2.2.tgz#aac72314198eaed975cf77b2c3b6b880695e5449"
+  integrity sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==
+  dependencies:
+    define-data-property "^1.1.4"
+    es-errors "^1.3.0"
+    function-bind "^1.1.2"
+    get-intrinsic "^1.2.4"
+    gopd "^1.0.1"
+    has-property-descriptors "^1.0.2"
+
 setimmediate@^1.0.5:
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
@@ -13967,6 +14074,16 @@ side-channel@^1.0.3, side-channel@^1.0.4:
     get-intrinsic "^1.0.2"
     object-inspect "^1.9.0"
 
+side-channel@^1.0.6:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.0.6.tgz#abd25fb7cd24baf45466406b1096b7831c9215f2"
+  integrity sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==
+  dependencies:
+    call-bind "^1.0.7"
+    es-errors "^1.3.0"
+    get-intrinsic "^1.2.4"
+    object-inspect "^1.13.1"
+
 sigmund@^1.0.1:
   version "1.0.1"
   resolved "https://registry.npmjs.org/sigmund/-/sigmund-1.0.1.tgz"
@@ -15130,6 +15247,17 @@ typed-array-length@^1.0.4:
     for-each "^0.3.3"
     is-typed-array "^1.1.9"
 
+typed-rest-client@^2.0.1:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/typed-rest-client/-/typed-rest-client-2.0.2.tgz#82d451b9a219bf8fa688b698b2581327be4b920d"
+  integrity sha512-rmAQM2gZw/PQpK5+5aSs+I6ZBv4PFC2BT1o+0ADS1SgSejA+14EmbI2Lt8uXwkX7oeOMkwFmg0pHKwe8D9IT5A==
+  dependencies:
+    des.js "^1.1.0"
+    js-md4 "^0.3.2"
+    qs "^6.10.3"
+    tunnel "0.0.6"
+    underscore "^1.12.1"
+
 typedarray-to-buffer@^3.1.5:
   version "3.1.5"
   resolved "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz"
@@ -15253,6 +15381,11 @@ underscore.deferred@^0.4.0:
   resolved "https://registry.yarnpkg.com/underscore.deferred/-/underscore.deferred-0.4.0.tgz#2753de633b9ff7db601a2f3fa2af92b3dd290e6c"
   integrity sha512-OByG6SGS1FlbQrOijhS/B+QBiKbbtoOt6KvLrF/042W/96poPkVIVfaYxvoxW7ifDwG6RgKFV2X2x/EYEPXObA==
 
+underscore@^1.12.1:
+  version "1.13.7"
+  resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.13.7.tgz#970e33963af9a7dda228f17ebe8399e5fbe63a10"
+  integrity sha512-GMXzWtsc57XAtguZgaQViUOzs0KTkk8ojr3/xAxXLITqf/3EMwxC0inyETfDFjH/Krbhuep0HNbbjI9i/q3F3g==
+
 underscore@~1.13.2:
   version "1.13.6"
   resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.13.6.tgz#04786a1f589dc6c09f761fc5f45b89e935136441"