Microsoft Auth Provider should support overriding client id and tenant id
The Microsoft Auth Provider uses a specific AAD application with client id hardcoded here: https://github.com/microsoft/vscode/blob/582ea371c2bf785d88458dab95828387ad94a63d/extensions/microsoft-authentication/src/AADHelper.ts#L25-L26
However, this application only has access to a handful of scopes, and adding allowed scopes to this client id is a manual process (which for an external extension author means opening an issue here and then having one of us add that scope to the allowed scopes for the application).
As an extension author, I should easily be able to create my own AAD application (in the Azure Portal for example) and use that client id instead of the one vscode uses so that I can have control over the scopes I care about and, if this exists, I can get telemetry when my client id is used.
Since we have abstracted auth providers, I think it’s fitting to be able to pass additional auth provider specific options down to an auth provider. For example, the Microsoft auth provider would take a client id and tenant that would replace the hard coded string above.
Proposal:
```typescript
/**
 * Options to be used when getting an [AuthenticationSession](#AuthenticationSession) from an [AuthenticationProvider](#AuthenticationProvider).
 */
export interface AuthenticationGetSessionOptions {
	/**
	 * Whether login should be performed if there is no matching session.
	 *
	 * If true, a modal dialog will be shown asking the user to sign in. If false, a numbered badge will be shown
	 * on the accounts activity bar icon. An entry for the extension will be added under the menu to sign in. This
	 * allows quietly prompting the user to sign in.
	 *
	 * Defaults to false.
	 */
	createIfNone?: boolean;

	/**
	 * Whether the existing user session preference should be cleared.
	 *
	 * For authentication providers that support being signed into multiple accounts at once, the user will be
	 * prompted to select an account to use when [getSession](#authentication.getSession) is called. This preference
	 * is remembered until [getSession](#authentication.getSession) is called with this flag.
	 *
	 * Defaults to false.
	 */
	clearSessionPreference?: boolean;

	/*************/
	/*** NEW ***/
	/*************/
	/**
	 * Provider specific options for getting this session (i.e. client id, tenant)
	 */
	providerOptions?: { [key: string]: any };
}
```
The Auth Provider would then need to be responsible for deciding if it already has created a session with these options or if it needs to create a new session based on these options.
Issue Analytics
- Created 3 years ago
- Reactions: 6
- Comments: 5 (4 by maintainers)
Top GitHub Comments
@roeap that will be there for the foreseeable future… but I specifically haven’t closed this issue as it could change in the future.
small update in this space… I recently added a sample auth provider here: https://github.com/microsoft/vscode-extension-samples/tree/main/authenticationprovider-sample using Azure DevOps PATs as the sample. For anyone looking to interact with Azure DevOps APIs, give this sample a look and use it until we better understand the work involved to properly support AzDO in the inbox Microsoft Auth Provider.