Take my explanation with a grain of salt because it's only based on my investigation and assumptions on how browser-based CodeSpaces work. I haven't confirmed any of this with VS Code maintainers.
When connecting to a CodeSpace in your browser you're on a GitHub hosted link and authenticated through GitHub via the "GitHub CodeSpaces" GitHub App. See your authorized GitHub Apps
In all other scenarios, VS Code uses OAuth to authenticate with GitHub.
When you connect to a CodeSpace in your browser, without taking any actions, VS Code already shows that you're signed into GitHub. I'm guessing that this is a reflection of the default user-to-server token (ghu_) being present. For some reason, VS Code returns this token for the scopes we request in Static Web Apps (repo, workflow, user:email, read:user).
The SWA service cannot use the returned ghu_ token to create a Static Web App (it probably needs to in the future...).
Adding any additional scopes actually makes VS Code return a gho_ token. And GitHub doesn't seem to complain about asking for random non-existent scopes. My workaround is to request a token with an additional made up scope if we see get a ghu_ token from VS Code. In my testing this always results in VS Code returning a gho_ token and everything just works! This has also been confirmed by other users.
Fixes #827
Make sure to read https://github.com/microsoft/vscode-azurestaticwebapps/issues/827#issuecomment-1597881084 for context.
Take my explanation with a grain of salt because it's only based on my investigation and assumptions on how browser-based CodeSpaces work. I haven't confirmed any of this with VS Code maintainers.
I believe this is a VS Code bug. I filed https://github.com/microsoft/vscode/issues/185915
When connecting to a CodeSpace in your browser you're on a GitHub hosted link and authenticated through GitHub via the "GitHub CodeSpaces" GitHub App. See your authorized GitHub Apps
In all other scenarios, VS Code uses OAuth to authenticate with GitHub.
When you connect to a CodeSpace in your browser, without taking any actions, VS Code already shows that you're signed into GitHub. I'm guessing that this is a reflection of the default user-to-server token (
ghu_
) being present. For some reason, VS Code returns this token for the scopes we request in Static Web Apps (repo, workflow, user:email, read:user
).The SWA service cannot use the returned
ghu_
token to create a Static Web App (it probably needs to in the future...).Adding any additional scopes actually makes VS Code return a
gho_
token. And GitHub doesn't seem to complain about asking for random non-existent scopes. My workaround is to request a token with an additional made up scope if we see get aghu_
token from VS Code. In my testing this always results in VS Code returning agho_
token and everything just works! This has also been confirmed by other users.