Tyler James Leonhardt 2d95154af0 feat: XAA enterprise-managed MCP authentication (ID-JAG) (#318067)
Implements a 3-legged OAuth flow for enterprise-managed MCP servers where
VS Code routes per-resource authentication through a tenant-wide IdP via
ID-JAG (draft-ietf-oauth-identity-assertion-authz-grant) token exchange:

  1. User signs in once to the enterprise IdP (Auth Code + PKCE via the
     existing DynamicAuthProvider base class). The IdP id_token is stored
     in OS secret storage and survives window reload.
  2. The id_token is exchanged at the IdP for a resource-scoped ID-JAG
     assertion (RFC 8693 token exchange, subject_token_type=id_token,
     requested_token_type=id-jag, audience=<resource AS>).
  3. The ID-JAG is redeemed at the resource's authorization server
     (grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer) for a
     resource-scoped access token.
  4. The resource access token is used to call the MCP server.

Surfaces:

- New 'mcp.enterpriseManagedAuth.idp' setting (issuer/clientId/clientSecret),
  delivered via policy (McpEnterpriseManagedAuthIdp). The setting is
  hidden from Settings UI (included: false) but readable/writable by hand
  for local dev. APPLICATION scope so it never syncs.

- New 'enterpriseManaged' flag on MCP HTTP server entries triggers the
  XAA flow instead of per-server Dynamic Client Registration.

- New proposed API 'authSessionAudience' adds optional 'audience' to
  AuthenticationProviderSessionOptions so the XAA provider can receive
  the resource AS URL through the standard session options shape.

- IAuthenticationService grows createOrGetXaaProvider(issuer): registers
  one XAA provider per IdP issuer (shared across enterprise MCP servers).

- Resource-AS client secrets (distinct from IdP client secrets) are stored
  in OS secret storage keyed by (resource indicator, resource client_id)
  and resolved through the existing 'Set Client Secret' codelens above
  oauth.clientId in mcp.json, with a prompt fallback for first run.

Silent re-mint on reload: getSessions reads the persisted IdP session
from base-class secret storage and silently runs legs 2-4 to produce a
resource token without prompting. Only escalates to createSession when
the resource AS needs interactive client-secret entry.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-27 12:30:18 -07:00