The LoopbackAuthServer class in extensions/microsoft-authentication
is dead code with no references. The active loopback servers live in
extensions/github-authentication and src/vs/workbench/api/node.
Disabled protocol handlers and registry updates on Windows in portable mode.
Added API proposal to detect if VS Code is running in portable mode from extensions.
Skipped protocol redirect in GitHub authentication in portable mode.
* Support Linux & Intel Macs
This grabs the native files directly since the ones at the root are not expected to work in our cases, namely Intel Mac where we use arm machines to build the x64 build.
* actually include macOS intel bits
* Initial plan
* Remove web worker support from microsoft-authentication extension
- Remove browser entry point from package.json
- Remove browser webpack configuration
- Remove browser-specific scripts (compile-web, watch-web)
- Remove src/browser/ directory with browser-specific implementations
- Remove ExtensionHost.WebWorker enum value
- Remove supportsWebWorkerExtensionHost flags from all flows
- Simplify authProvider.ts by removing web worker detection logic
- Remove web worker test case from flows.test.ts
- Successfully compiled with 0 errors
Co-authored-by: TylerLeonhardt <2644648+TylerLeonhardt@users.noreply.github.com>
* couple references
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Sigh... Unfortunately, MSAL seems to fail for clients that don't have managed machines that have opted in to the broker... I have opened a blocking issue on them internally.
At least, when they fix it, it would just be a matter of updating the package version and the conditional here.
* Enable the broker in macOS
Fixes https://github.com/microsoft/vscode/issues/260158
* for testing
* better globbing
* guh
* guh
* delete
* log it all
* let's just log everything
* Only do on supported OS/Arches
* Add a console.log
* look at VSCODE_ARCH
* add msal files
* add entitlement maybe here
* actually it's probably here
* build: bundle msal libs for x64 and arm64
* revert that
* try again
* try adding $(AppIdentifierPrefix)
* temp: add debuggee entitlements
* bump msal and pass in redirect uri on macOS
* revert entitlement files
* forgot the .helper
* Allow PII for the output channel only
* use unsigned option
---------
Co-authored-by: deepak1556 <hop2deep@gmail.com>
* `issuer` -> `authorizationServer` refactor
Also:
* adds `authorizationServerGlobs` to the authentication contribution schema
* removes ugly MCP issuer hack and instead plumbs the authorizationServer down to the new auth providers
I moved to a factory model because there was just so much that needed to be async.
I think the amount of async code will be reduced in the future as we remove some migration logic, but this makes sure we don't accidentally create instances without awaiting their initialization.
The point here is that the user already allowed access to the account for one client id, so that should just apply to any client id that is being used since:
* If we don't actually _have_ an auth token, the user will be asked to log in - so they will see a prompt as expected
* If we _do_ have an auth token, then we rely on extension auth access to gate access to the account
Fixes https://github.com/microsoft/vscode/issues/241526
* Force an update after acquiring a token interactively
This will make sure the account cache is up-to-date before the acquireTokenInteractive ends.
A greater fix is maybe turning the accounts cache to be a promise... bit this is the candidate fix for now.
Fixes#235327
* also delete event
MSAL node made `clearCache` synchronous 🎉 so we can safely depend on it for clearing the cache.
> Context: The default behavior of MSAL's internal cache is that it is a union with what's in the persistant cache (secret storage) but what _we_ want is that secret storage is the source of truth, so every time we receive an update to secret storage, we clear the in-memory cache to get the data from the persistant cache.
Also bumps msal-node-extensions while we're at it.
Bascally, we reach into the old location in secret storage and if we find sessions (with a refresh token) we seed that in the MSAL world.
We do this one time... unless they switch back to the old world and then switch to the new world.
This has two different behaviors depending on if the Broker is used:
* If the broker is not used, this does what you might expect. It makes it seem totally transparent to the user that something has changed. All sessions get migrated over and the user is still logged in to what they were previously.
* If the broker is used... you don't get automatically logged in _unless_ you have already logged in to that account at the OS level. So this helps skip the "VS Code access layer" outlined in `accountAccess.ts`. Not as good as the previous bullet, but this is the best we can do in the broker world.
In time, we can remove this migration along with the old way of doing things.
This adopts the `NativeBrokerPlugin` provided by `@azure/msal-node-extensions` to provide the ability to use auth state from the OS, and show native auth dialogs instead of going to the browser.
This has several pieces:
* The adoption of the broker in the microsoft-authentication extension:
* Adding `NativeBrokerPlugin` to our PCAs
* Using the proposed handle API to pass the native window handle down to MSAL calls (btw, this API will change in a follow up PR)
* Adopting an AccountAccess layer to handle:
* giving the user control of which accounts VS Code uses
* an eventing layer so that auth state can be updated across multiple windows
* Getting the extension to build properly and only build what it really needs. This required several package.json/webpack hacks:
* Use a fake keytar since we don't use the feature in `@azure/msal-node-extensions` that uses keytar
* Use a fake dpapi layer since we don't use the feature in `@azure/msal-node-extensions` that uses it
* Ensure the msal runtime `.node` and `.dll` files are included in the bundle
* Get the VS Code build to allow a native node module in an extension: by having a list of native extensions that will be built in the "ci" part of the build - in other words when VS Code is building on the target platform
There are a couple of followups:
* Refactor the `handle` API to handle (heh) Auxiliary Windows https://github.com/microsoft/vscode/issues/233106
* Separate the call to `acquireTokenSilent` and `acquireTokenInteractive` and all the usage of this native node module into a separate process or maybe in Core... we'll see. Something to experiment with after we have something working. NEEDS FOLLOW UP ISSUE
Fixes https://github.com/microsoft/vscode/issues/229431
