Enable the broker in macOS (#261148)

* Enable the broker in macOS

Fixes https://github.com/microsoft/vscode/issues/260158

* for testing

* better globbing

* guh

* guh

* delete

* log it all

* let's just log everything

* Only do on supported OS/Arches

* Add a console.log

* look at VSCODE_ARCH

* add msal files

* add entitlement maybe here

* actually it's probably here

* build: bundle msal libs for x64 and arm64

* revert that

* try again

* try adding $(AppIdentifierPrefix)

* temp: add debuggee entitlements

* bump msal and pass in redirect uri on macOS

* revert entitlement files

* forgot the .helper

* Allow PII for the output channel only

* use unsigned option

---------

Co-authored-by: deepak1556 <hop2deep@gmail.com>
Tyler James Leonhardt
2025-08-27 14:31:09 -07:00
committed by GitHub
parent 543ea0e80d
commit da3cf78129
14 changed files with 178 additions and 93 deletions


@@ -0,0 +1,19 @@
/*---------------------------------------------------------------------------------------------
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License. See License.txt in the project root for license information.
*--------------------------------------------------------------------------------------------*/
export interface IConfig {
// The macOS broker redirect URI which is dependent on the bundle identifier of the signed app.
// Other platforms do not require a redirect URI to be set. For unsigned apps, the unsigned
// format can be used.
// Example formats:
// msauth.com.msauth.unsignedapp://auth or msauth.<bundleId>://auth
macOSBrokerRedirectUri: string;
}
export const Config: IConfig = {
// This is replaced in the build with the correct bundle id for that distro.
macOSBrokerRedirectUri: 'msauth.com.msauth.unsignedapp://auth'
};
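Review bot: The default `macOSBrokerRedirectUri` is the unsigned-app value, and the comment says the build replaces it, so a replacement that silently fails to match would leave a signed distro running with `msauth.com.msauth.unsignedapp://auth` and no error. The build step is not visible on this page; if it is a plain string substitution, it should fail the build when the placeholder is not found. It would also help to state the contract on the constant, e.g. `// Build-time placeholder: must be rewritten to msauth.<bundleId>://auth for signed builds; the build fails if this literal is not found.`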


@@ -19,13 +19,7 @@ export class MsalLoggerOptions {
return this._toMsalLogLevel(env.logLevel);
}
loggerCallback(level: MsalLogLevel, message: string, containsPii: boolean): void {
if (containsPii) {
// TODO: Should we still log the message if it contains PII? It's just going to
// an output channel that doesn't leave the machine.
this._output.debug('Skipped logging message because it may contain PII');
return;
}
loggerCallback(level: MsalLogLevel, message: string, _containsPii: boolean): void {
// Log to output channel one level lower than the MSAL log level
switch (level) {
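Review bot: `loggerCallback` now ignores `_containsPii`, so messages that MSAL flags as containing PII reach the output channel with nothing to distinguish them from ordinary lines. The output channel stays on the machine, but its contents are what users usually paste into bug reports, so the flag is worth keeping visible, for example `const text = containsPii ? '[may contain PII] ' + message : message;` before the switch. The removed TODO should also be replaced by a comment recording the decision, such as `// PII-flagged messages are logged on purpose: this sink is the local output channel only and must never be forwarded to telemetry.` The switch body continues outside the hunk, so the exact log calls are not visible here.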


@@ -14,6 +14,7 @@ export interface ICachedPublicClientApplication {
removeAccount(account: AccountInfo): Promise<void>;
accounts: AccountInfo[];
clientId: string;
isBrokerAvailable: Readonly<boolean>;
}
export interface ICachedPublicClientApplicationManager {
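Review bot: `isBrokerAvailable: Readonly<boolean>` in `ICachedPublicClientApplication` does not make the property read-only. `Readonly<T>` only maps over the properties of an object type and leaves a primitive such as `boolean` unchanged, so callers can still assign to it. If the intent is that consumers cannot flip the broker flag, declare it as `readonly isBrokerAvailable: boolean;`. The neighbouring `accounts` and `clientId` members have no modifier either, so this may be worth applying consistently.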


@@ -3,6 +3,7 @@
* Licensed under the MIT License. See License.txt in the project root for license information.
*--------------------------------------------------------------------------------------------*/
import { AuthError } from '@azure/msal-node';
import TelemetryReporter, { TelemetryEventProperties } from '@vscode/extension-telemetry';
import { IExperimentationTelemetry } from 'vscode-tas-client';
@@ -75,20 +76,36 @@ export class MicrosoftAuthenticationTelemetryReporter implements IExperimentatio
}
sendTelemetryErrorEvent(error: unknown): void {
const errorMessage = error instanceof Error ? error.message : String(error);
const errorStack = error instanceof Error ? error.stack : undefined;
const errorName = error instanceof Error ? error.name : undefined;
let errorMessage: string | undefined;
let errorName: string | undefined;
let errorCode: string | undefined;
let errorCorrelationId: string | undefined;
if (typeof error === 'string') {
errorMessage = error;
} else {
const authError: AuthError = error as any;
// don't set error message or stack because it contains PII
errorCode = authError.errorCode;
errorCorrelationId = authError.correlationId;
errorName = authError.name;
}
/* __GDPR__
"msalError" : {
"owner": "TylerLeonhardt",
"comment": "Used to determine how often users run into issues with the login flow.",
"errorMessage": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The error message from the exception." },
"errorStack": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The stack trace from the exception." },
"errorName": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The name of the error." }
"errorMessage": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The error message." },
"errorName": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The name of the error." },
"errorCode": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The error code." },
"errorCorrelationId": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The error correlation id." }
}
*/
this._telemetryReporter.sendTelemetryErrorEvent('msalError', { errorMessage, errorStack, errorName });
this._telemetryReporter.sendTelemetryErrorEvent('msalError', {
errorMessage,
errorName,
errorCode,
errorCorrelationId,
});
}
/**
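Review bot: In `sendTelemetryErrorEvent`, every non-string value is cast with `error as any` and read as an `AuthError`, with no runtime check. A `null` or `undefined` argument would throw on `authError.errorCode` inside the telemetry path, and a plain `Error` is silently treated as an MSAL error. Narrowing with `instanceof` removes the `any` and keeps the "no message or stack" rule explicit for each case. Separately, the string branch still sends free text as `errorMessage` while the new comment says messages contain PII; callers are not visible here, so please confirm they only pass fixed strings, or drop that field too.

```typescript
sendTelemetryErrorEvent(error: unknown): void {
	// … unchanged: declarations of errorMessage, errorName, errorCode, errorCorrelationId …
	if (typeof error === 'string') {
		errorMessage = error;
	} else if (error instanceof AuthError) {
		// message and stack are left out because they can contain PII
		errorCode = error.errorCode;
		errorCorrelationId = error.correlationId;
		errorName = error.name;
	} else if (error instanceof Error) {
		errorName = error.name;
	}
	// … unchanged: __GDPR__ annotation and the sendTelemetryErrorEvent('msalError', …) call …
```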