You probably want to have one PAT (Personal Access Token) for Azure DevOps in Jenkins Credentials and use it not only for getting source code from GIT, but also for getting NuGet packages for build, right?
So, you need withCredentials with the environment variable VSS_NUGET_EXTERNAL_FEED_ENDPOINTS to be used like:
steps { script { withCredentials(bindings: [usernamePassword(credentialsId: '...', passwordVariable: 'PAT', usernameVariable: 'PAT_USERNAME')]) { env.VSS_NUGET_EXTERNAL_FEED_ENDPOINTS = "{\"endpointCredentials\": [{\"endpoint\":\"https://YourOrgName.pkgs.visualstudio.com/_packaging/YourFeedName/nuget/v3/index.json\", \"username\":\"build\", \"password\":\"${PAT}\"}]}" sh "dotnet ..." } }}This greatly simplifies Jenkins CI solution with Azure DevOps, because now you have to monitor much less possible expirations.