Microsoft Authentication Provider fails to authenticate in sovereign aka national/gov clouds e.g. Mooncake, DoD
Does this issue occur when all extensions are disabled?: Yes/No
- VS Code Version: Version: 1.71.2
- OS Version: Windows 11 Enterprise, Version: 21H2, OS Build: 22000.978
Steps to Reproduce:
- Open PowerPages Studio (https://make.powerpages.microsoft.cn/)
- Log in with correct credentials of a user in Mooncake
- Launch VSCode for web
- Notice the authentication popup (the AzureAD endpoint is https://login.microsoftonline.com/; it should have been https://login.partner.microsoftonline.cn/)
- Since the AzureAD endpoint is incorrect, it is not able to find the user.
Issue Analytics
- State:
- Created a year ago
- Reactions:1
- Comments:14 (7 by maintainers)
Top GitHub Comments
Also GCC-H clouds are a thing. Just wanted to call that out as I am merging an issue about that with this issue.
Relating to the questions that @TylerLeonhardt raised, I can offer some insights from how the Azure Account extension does things.
There are two ways to log in to a sovereign cloud in the Azure Account extension. The first is to set some VSCode settings, and then log in. The second is a separate login command, “Log in to Azure Cloud…”, which first prompts for which sovereign cloud to log in to, and then sets the setting, and then proceeds with login as normal.
I think that both a setting in the auth provider extension and an input hack like VSCODE_CLIENT_ID would be helpful. The former would be ideal for users that want to configure every Azure extension all from one place. The latter would be good if there was an extension that wanted to reach “across” to a separate sovereign cloud. I saw in source code that the default login URL, microsoftonline.com, is hardcoded; I think that the default could be controlled by the setting, while including the ability to override with something like the VSCODE_CLIENT_ID.
@jingloumsft I know we have some sovereign cloud accounts for testing, can we share these with Tyler?
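The setting-plus-override idea from the comments above, sketched as an added example (not code from VS Code or the Azure Account extension). The function names and the way the setting and override are passed in are hypothetical; the cloud names follow the Azure environment names and are an assumption about how the setting would be spelled.

```typescript
// Added example: resolve the Azure AD authority from a cloud setting with an
// optional per-request override, instead of a hardcoded login host.
type Cloud = "AzureCloud" | "AzureChinaCloud" | "AzureUSGovernment";

// Authority hosts per cloud. The first two are quoted in the issue;
// login.microsoftonline.us is the Azure Government authority.
const AUTHORITY_HOSTS: Record<Cloud, string> = {
  AzureCloud: "login.microsoftonline.com",
  AzureChinaCloud: "login.partner.microsoftonline.cn",
  AzureUSGovernment: "login.microsoftonline.us",
};

function isCloud(value: string): value is Cloud {
  return Object.prototype.hasOwnProperty.call(AUTHORITY_HOSTS, value);
}

// Precedence: override, then the user setting, then the public cloud.
// Callers pass the *name* of a known cloud, never a raw URL, so an extension
// cannot point the sign-in flow at an arbitrary host. Unknown names throw
// instead of silently falling back to the public cloud.
function resolveAuthority(
  settingCloud?: string,
  overrideCloud?: string,
  tenant: string = "organizations",
): string {
  const chosen = overrideCloud ?? settingCloud ?? "AzureCloud";
  if (!isCloud(chosen)) {
    throw new Error(`unknown cloud: ${chosen}`);
  }
  if (!/^[A-Za-z0-9.-]+$/.test(tenant)) {
    throw new Error("invalid tenant segment");
  }
  return `https://${AUTHORITY_HOSTS[chosen]}/${tenant}/`;
}

// Check that an authorize URL (e.g. the one shown in the sign-in popup)
// targets the authority of the expected cloud. The authority part must equal
// the host exactly, which also rejects userinfo, ports and look-alike suffixes.
function authorityMatchesCloud(authorizeUrl: string, expected: Cloud): boolean {
  const m = /^https:\/\/([^\/?#]*)/i.exec(authorizeUrl);
  return m !== null && (m[1] ?? "").toLowerCase() === AUTHORITY_HOSTS[expected];
}
```

Run against the URL from the reproduction steps, `authorityMatchesCloud` returns false for a Mooncake user sent to `https://login.microsoftonline.com/`, which is the mismatch this issue reports.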