Microsoft/vscode
1
0
Fork 0
mirror of https://github.com/microsoft/vscode.git synced 2026-05-01 22:12:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Introduce Issuer handling in the Authentication stack (#248948)

Browse Source 
Mostly plumbing... this enables:
```
vscode.authentication.getSession('microsoft', scopes, { issuer: "https://login.microsoftonline.com/common/v2.0" });
```
And the respective API for an auth providers to handle it being passed in.

This props up work in MCP land which needs a way to map an issuer to an auth provider... but I certainly see utility outside of that space.

Fixes https://github.com/microsoft/vscode/issues/248775#issuecomment-2876711396
This commit is contained in:
Tyler James Leonhardt
2025-05-14 14:02:15 -07:00
committed by GitHub
parent 1e03c9074c
commit 86efdcd2c1
22 changed files with 365 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
extensions/microsoft-authentication/src/AADHelper.ts
View File

@@ -203,7 +203,7 @@ export class AzureActiveDirectoryService {
return this._sessionChangeEmitter.event;
}
public getSessions(scopes?: string[], account?: vscode.AuthenticationSessionAccountInformation): Promise<vscode.AuthenticationSession[]> {
public getSessions(scopes: string[] | undefined, { account, issuer }: vscode.AuthenticationProviderSessionOptions = {}): Promise<vscode.AuthenticationSession[]> {
if (!scopes) {
this._logger.info('Getting sessions for all scopes...');
const sessions = this._tokens
@@ -226,6 +226,12 @@ export class AzureActiveDirectoryService {
if (!modifiedScopes.includes('offline_access')) {
modifiedScopes.push('offline_access');
}
if (issuer) {
const tenant = issuer.path.split('/')[1];
if (tenant) {
modifiedScopes.push(`VSCODE_TENANT:${tenant}`);
}
}
modifiedScopes = modifiedScopes.sort();
const modifiedScopesStr = modifiedScopes.join(' ');
@@ -237,7 +243,7 @@ export class AzureActiveDirectoryService {
scopeStr: modifiedScopesStr,
// filter our special scopes
scopesToSend: modifiedScopes.filter(s => !s.startsWith('VSCODE_')).join(' '),
tenant: this.getTenantId(scopes),
tenant: this.getTenantId(modifiedScopes),
};
this._logger.trace(`[${scopeData.scopeStr}] Queued getting sessions` + account ? ` for ${account?.label}` : '');
@@ -297,7 +303,7 @@ export class AzureActiveDirectoryService {
.map(result => (result as PromiseFulfilledResult<vscode.AuthenticationSession>).value);
}
public createSession(scopes: string[], account?: vscode.AuthenticationSessionAccountInformation): Promise<vscode.AuthenticationSession> {
public createSession(scopes: string[], { account, issuer }: vscode.AuthenticationProviderSessionOptions = {}): Promise<vscode.AuthenticationSession> {
let modifiedScopes = [...scopes];
if (!modifiedScopes.includes('openid')) {
modifiedScopes.push('openid');
@@ -311,6 +317,12 @@ export class AzureActiveDirectoryService {
if (!modifiedScopes.includes('offline_access')) {
modifiedScopes.push('offline_access');
}
if (issuer) {
const tenant = issuer.path.split('/')[1];
if (tenant) {
modifiedScopes.push(`VSCODE_TENANT:${tenant}`);
}
}
modifiedScopes = modifiedScopes.sort();
const scopeData: IScopeData = {
originalScopes: scopes,
@@ -319,7 +331,7 @@ export class AzureActiveDirectoryService {
// filter our special scopes
scopesToSend: modifiedScopes.filter(s => !s.startsWith('VSCODE_')).join(' '),
clientId: this.getClientId(scopes),
tenant: this.getTenantId(scopes),
tenant: this.getTenantId(modifiedScopes),
};
this._logger.trace(`[${scopeData.scopeStr}] Queued creating session`);