Plumbs an optional 'resource' field through IAuthenticationService get/createSession options and the authIssuers proposal so MCP authentication can request audience-restricted tokens. mainThreadMcp now forwards authDetails.resourceMetadata.resource into both calls.
In the microsoft-authentication extension, the resource is threaded into MSAL's acquireTokenInteractive, acquireTokenByDeviceCode, and acquireTokenSilent. Bumps @azure/msal-node and @azure/msal-node-extensions to ^5.1.5; adapts to ServerAuthorizationCodeResponse -> AuthorizeResponse and fromNativeBroker -> fromPlatformBroker renames.
Adds tests verifying that getSessions/createSession forward 'resource' to the provider, and that each MSAL flow (default, protocol handler, device code) forwards 'resource' to the underlying MSAL call.
* Add `oauth` section to mcp.json to allow overriding of client id
More properties (like client secret) can come later... but this is the foundation, which is a lot of plumbing...
ref https://github.com/microsoft/vscode/issues/257415
* feedback
Just 3 left:
- git and github. These are doing weird stuff with d.ts imports and const enums
- github-authentication which has some tricky path mapping stuff
The LoopbackAuthServer class in extensions/microsoft-authentication
is dead code with no references. The active loopback servers live in
extensions/github-authentication and src/vs/workbench/api/node.
Disabled protocol handlers and registry updates on Windows in portable mode.
Added API proposal to detect if VS Code is running in portable mode from extensions.
Skipped protocol redirect in GitHub authentication in portable mode.
* Support Linux & Intel Macs
This grabs the native files directly since the ones at the root are not expected to work in our cases, namely Intel Mac where we use arm machines to build the x64 build.
* actually include macOS intel bits
* Initial plan
* Remove web worker support from microsoft-authentication extension
- Remove browser entry point from package.json
- Remove browser webpack configuration
- Remove browser-specific scripts (compile-web, watch-web)
- Remove src/browser/ directory with browser-specific implementations
- Remove ExtensionHost.WebWorker enum value
- Remove supportsWebWorkerExtensionHost flags from all flows
- Simplify authProvider.ts by removing web worker detection logic
- Remove web worker test case from flows.test.ts
- Successfully compiled with 0 errors
Co-authored-by: TylerLeonhardt <2644648+TylerLeonhardt@users.noreply.github.com>
* couple references
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
For #269213
This adds a new eslint rule for `as any` and `<any>({... })`. We'd like to remove almost all of these, however right now the first goal is to prevent them in new code. That's why with this first PR I simply add `eslint-disable` comments for all breaks.
Trying to get this change in soon after branching off for release to hopefully minimize disruption during debt week work.
Sigh... Unfortunately, MSAL seems to fail for clients that don't have managed machines that have opted in to the broker... I have opened a blocking issue on them internally.
At least, when they fix it, it would just be a matter of updating the package version and the conditional here.
* Enable the broker in macOS
Fixes https://github.com/microsoft/vscode/issues/260158
* for testing
* better globbing
* guh
* guh
* delete
* log it all
* let's just log everything
* Only do on supported OS/Arches
* Add a console.log
* look at VSCODE_ARCH
* add msal files
* add entitlement maybe here
* actually it's probably here
* build: bundle msal libs for x64 and arm64
* revert that
* try again
* try adding $(AppIdentifierPrefix)
* temp: add debuggee entitlements
* bump msal and pass in redirect uri on macOS
* revert entitlement files
* forgot the .helper
* Allow PII for the output channel only
* use unsigned option
---------
Co-authored-by: deepak1556 <hop2deep@gmail.com>