Enable the broker in macOS (#261148)

* Enable the broker in macOS Fixes https://github.com/microsoft/vscode/issues/260158 * for testing * better globbing * guh * guh * delete * log it all * let's just log everything * Only do on supported OS/Arches * Add a console.log * look at VSCODE_ARCH * add msal files * add entitlement maybe here * actually it's probably here * build: bundle msal libs for x64 and arm64 * revert that * try again * try adding $(AppIdentifierPrefix) * temp: add debuggee entitlements * bump msal and pass in redirect uri on macOS * revert entitlement files * forgot the .helper * Allow PII for the output channel only * use unsigned option --------- Co-authored-by: deepak1556 <hop2deep@gmail.com>
2026-04-20 16:49:06 +01:00 · 2025-08-27 14:31:09 -07:00
parent 543ea0e80d
commit da3cf78129
14 changed files with 178 additions and 93 deletions
--- a/extensions/microsoft-authentication/src/common/config.ts
+++ b/extensions/microsoft-authentication/src/common/config.ts
@@ -0,0 +1,19 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+
+export interface IConfig {
+	// The macOS broker redirect URI which is dependent on the bundle identifier of the signed app.
+	// Other platforms do not require a redirect URI to be set. For unsigned apps, the unsigned
+	// format can be used.
+	// Example formats:
+	// msauth.com.msauth.unsignedapp://auth or msauth.<bundleId>://auth
+	macOSBrokerRedirectUri: string;
+}
+
+export const Config: IConfig = {
+	// This is replaced in the build with the correct bundle id for that distro.
+	macOSBrokerRedirectUri: 'msauth.com.msauth.unsignedapp://auth'
+};
--- a/extensions/microsoft-authentication/src/common/loggerOptions.ts
+++ b/extensions/microsoft-authentication/src/common/loggerOptions.ts
@@ -19,13 +19,7 @@ export class MsalLoggerOptions {
 		return this._toMsalLogLevel(env.logLevel);
 	}

-	loggerCallback(level: MsalLogLevel, message: string, containsPii: boolean): void {
-		if (containsPii) {
-			// TODO: Should we still log the message if it contains PII? It's just going to
-			// an output channel that doesn't leave the machine.
-			this._output.debug('Skipped logging message because it may contain PII');
-			return;
-		}
+	loggerCallback(level: MsalLogLevel, message: string, _containsPii: boolean): void {

 		// Log to output channel one level lower than the MSAL log level
 		switch (level) {
--- a/extensions/microsoft-authentication/src/common/publicClientCache.ts
+++ b/extensions/microsoft-authentication/src/common/publicClientCache.ts
@@ -14,6 +14,7 @@ export interface ICachedPublicClientApplication {
 	removeAccount(account: AccountInfo): Promise<void>;
 	accounts: AccountInfo[];
 	clientId: string;
+	isBrokerAvailable: Readonly<boolean>;
 }

 export interface ICachedPublicClientApplicationManager {
--- a/extensions/microsoft-authentication/src/common/telemetryReporter.ts
+++ b/extensions/microsoft-authentication/src/common/telemetryReporter.ts
@@ -3,6 +3,7 @@
 *  Licensed under the MIT License. See License.txt in the project root for license information.
 *--------------------------------------------------------------------------------------------*/

+import { AuthError } from '@azure/msal-node';
 import TelemetryReporter, { TelemetryEventProperties } from '@vscode/extension-telemetry';
 import { IExperimentationTelemetry } from 'vscode-tas-client';

@@ -75,20 +76,36 @@ export class MicrosoftAuthenticationTelemetryReporter implements IExperimentatio
 	}

 	sendTelemetryErrorEvent(error: unknown): void {
-		const errorMessage = error instanceof Error ? error.message : String(error);
-		const errorStack = error instanceof Error ? error.stack : undefined;
-		const errorName = error instanceof Error ? error.name : undefined;
+		let errorMessage: string | undefined;
+		let errorName: string | undefined;
+		let errorCode: string | undefined;
+		let errorCorrelationId: string | undefined;
+		if (typeof error === 'string') {
+			errorMessage = error;
+		} else {
+			const authError: AuthError = error as any;
+			// don't set error message or stack because it contains PII
+			errorCode = authError.errorCode;
+			errorCorrelationId = authError.correlationId;
+			errorName = authError.name;
+		}

 		/* __GDPR__
 			"msalError" : {
 				"owner": "TylerLeonhardt",
 				"comment": "Used to determine how often users run into issues with the login flow.",
-				"errorMessage": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The error message from the exception." },
-				"errorStack": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The stack trace from the exception." },
-				"errorName": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The name of the error." }
+				"errorMessage": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The error message." },
+				"errorName": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The name of the error." },
+				"errorCode": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The error code." },
+				"errorCorrelationId": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The error correlation id." }
 			}
 		*/
-		this._telemetryReporter.sendTelemetryErrorEvent('msalError', { errorMessage, errorStack, errorName });
+		this._telemetryReporter.sendTelemetryErrorEvent('msalError', {
+			errorMessage,
+			errorName,
+			errorCode,
+			errorCorrelationId,
+		});
 	}

 	/**