mirror of
https://github.com/microsoft/vscode.git
synced 2026-07-03 04:56:44 +01:00
2d95154af0
Implements a 3-legged OAuth flow for enterprise-managed MCP servers where
VS Code routes per-resource authentication through a tenant-wide IdP via
ID-JAG (draft-ietf-oauth-identity-assertion-authz-grant) token exchange:

1. User signs in once to the enterprise IdP (Auth Code + PKCE via the
   existing DynamicAuthProvider base class). The IdP id_token is stored
   in OS secret storage and survives window reload.
2. The id_token is exchanged at the IdP for a resource-scoped ID-JAG
   assertion (RFC 8693 token exchange, subject_token_type=id_token,
   requested_token_type=id-jag, audience=<resource AS>).
3. The ID-JAG is redeemed at the resource's authorization server
   (grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer) for a
   resource-scoped access token.
4. The resource access token is used to call the MCP server.

Surfaces:
- New 'mcp.enterpriseManagedAuth.idp' setting (issuer/clientId/clientSecret),
  delivered via policy (McpEnterpriseManagedAuthIdp). The setting is
  hidden from Settings UI (included: false) but readable/writable by hand
  for local dev. APPLICATION scope so it never syncs.
- New 'enterpriseManaged' flag on MCP HTTP server entries triggers the
  XAA flow instead of per-server Dynamic Client Registration.
- New proposed API 'authSessionAudience' adds optional 'audience' to
  AuthenticationProviderSessionOptions so the XAA provider can receive
  the resource AS URL through the standard session options shape.
- IAuthenticationService grows createOrGetXaaProvider(issuer): registers
  one XAA provider per IdP issuer (shared across enterprise MCP servers).
- Resource-AS client secrets (distinct from IdP client secrets) are stored
  in OS secret storage keyed by (resource indicator, resource client_id)
  and resolved through the existing 'Set Client Secret' codelens above
  oauth.clientId in mcp.json, with a prompt fallback for first run.

Silent re-mint on reload: getSessions reads the persisted IdP session
from base-class secret storage and silently runs legs 2-4 to produce a
resource token without prompting. Only escalates to createSession when
the resource AS needs interactive client-secret entry.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
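
Legs 2 and 3 of the flow described in the commit message, as an added sketch that is not code from this commit or from VS Code: it builds the two token-endpoint request bodies and refuses to redeem anything the IdP did not mark as an ID-JAG. The function names and sample values are constructed, the full token-type URNs are taken from RFC 8693 and the ID-JAG draft as assumptions, and client authentication is left to the caller.

```typescript
// Added illustration; all names here are hypothetical, not VS Code APIs.
const TOKEN_EXCHANGE = 'urn:ietf:params:oauth:grant-type:token-exchange'; // RFC 8693
const JWT_BEARER = 'urn:ietf:params:oauth:grant-type:jwt-bearer';         // RFC 7523
const TYPE_ID_TOKEN = 'urn:ietf:params:oauth:token-type:id_token';       // RFC 8693
const TYPE_ID_JAG = 'urn:ietf:params:oauth:token-type:id-jag';           // ID-JAG draft

type Form = Record<string, string>;

// Encode parameters as an application/x-www-form-urlencoded body.
function encodeForm(params: Form): string {
  return Object.keys(params)
    .map(k => `${encodeURIComponent(k)}=${encodeURIComponent(String(params[k]))}`)
    .join('&');
}

// Leg 2: sent to the IdP token endpoint. `audience` pins the assertion to
// one resource authorization server, so it cannot be redeemed at another.
function idJagExchangeRequest(idToken: string, resourceAs: string): Form {
  return {
    grant_type: TOKEN_EXCHANGE,
    subject_token: idToken,
    subject_token_type: TYPE_ID_TOKEN,
    requested_token_type: TYPE_ID_JAG,
    audience: resourceAs,
  };
}

// Between legs: accept the IdP response only if it says it issued an ID-JAG.
// RFC 8693 returns the issued token in `access_token` whatever its type.
function extractIdJag(res: { issued_token_type?: string; access_token?: string }): string {
  if (res.issued_token_type !== TYPE_ID_JAG || !res.access_token) {
    throw new Error(`IdP did not issue an ID-JAG (got ${res.issued_token_type})`);
  }
  return res.access_token;
}

// Leg 3: sent to the resource authorization server's token endpoint.
function redeemRequest(idJag: string): Form {
  return { grant_type: JWT_BEARER, assertion: idJag };
}
```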