Microsoft authentication broken on Codespaces (Web Insiders)

[ronakj]

Does this issue occur when all extensions are disabled?: Yes

• VS Code Version: 1.79.0-insiders
• OS Version: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Edg/113.0.1774.57

Steps to Reproduce:

1. Create Codespace in this repo.
2. Switch to insiders using settings icon in bottom left.
3. Install any extension which needs Microsoft login. I used this one https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azureresourcegroups.
4. After going through the login process, come back to VSCode page. The extension doesn't seem to get the auth and VSCode also doesn't have any signed in Microsoft account in the account section.

This doesn't happen in stable version. I really want to make sure this issue doesn't get propagated to stable, because our Codespaces workflow is very heavily dependent on Microsoft auth working properly.

[TylerLeonhardt]

can you provide the contents of the Microsoft Authentication output pane:

And also anything that shows up in Dev Tools:

• ctrl + shift + P
• "Dev Tools"

[ronakj]

Microsoft Authentication (Remote) Output

``` 2023-05-30 19:12:03.564 [info] Reading sessions from secret storage... 2023-05-30 19:12:03.564 [info] Got 0 stored sessions 2023-05-30 19:12:03.564 [info] Getting sessions for all scopes... 2023-05-30 19:12:03.564 [info] Got 0 sessions for all scopes... 2023-05-30 19:12:03.564 [info] Getting sessions for the following scopes: email offline_access openid profile 2023-05-30 19:12:03.564 [info] Got 0 sessions for scopes: email offline_access openid profile 2023-05-30 19:12:32.578 [info] Getting sessions for the following scopes: email https://management.azure.com/.default offline_access openid profile 2023-05-30 19:12:32.578 [info] Got 0 sessions for scopes: email https://management.azure.com/.default offline_access openid profile 2023-05-30 19:12:34.252 [info] Logging in for the following scopes: email https://management.azure.com/.default offline_access openid profile ```

Microsoft Authentication Output

``` 2023-05-31 00:41:58.856 [info] Reading sessions from secret storage... 2023-05-31 00:41:58.856 [info] Got 0 stored sessions 2023-05-31 00:41:58.856 [info] Getting sessions for all scopes... 2023-05-31 00:41:58.856 [info] Got 0 sessions for all scopes... ```

Nothing relevant in Dev Tools (no errors, warnings after login)

[TylerLeonhardt]

@joaomoreno looks like the UrlHandler in the Microsoft auth extension isn't firing. Any ideas why?

[TylerLeonhardt]

One thing that’s interesting is that my open-external extension (code here) works fine:

but when I start either the Microsoft or GitHub auth flows… their URL Handlers in the extension never fire… so the issue appears to be before the auth extensions, but we have Core & Codespaces layers still to choose from.

Another simple repro with GitHub auth:

• Install my Fugio extension
• Run: Fugio: Mint Token
• Choose either github or microsoft
• if you choose GitHub, use workflow as the value for scopes. If you choose Microsoft, use offline_access as the value for scopes

Go through the flow. Works in Stable just fine... but not Insiders.

[TylerLeonhardt]

Adding @osortega + @jkeech from the Codespaces side.

[osortega]

@TylerLeonhardt this seems to be a CORS issue happening in the extension host worker

It also seems to only happen on latest insiders, if you go back in time and use an older version everything works fine. I'm unfamiliar with that particular request but perhaps there was a change in the request headers?

[TylerLeonhardt]

@osortega I think you must be experiencing something different from myself and @ronakj. I don't even get that far where that request happens.

[joaomoreno]

@TylerLeonhardt has bisected the behavior change to have happened somewhere in this commit range: https://github.com/microsoft/vscode/compare/9084e081d4e89ed8ab67fce340d573c4e1378939...9233de805c8fb05fad4d9d1c15f22fbca85430ad

[TylerLeonhardt]

Ok so to but a brief summary here...

This was happening because the GitHub Authentication extension was running in both the web worker extension host and the remote extension host.

@alexdima pushed a change that influenced when the web worker extension host started and this issue should be fixed in the latest insiders.

However, this fix only applies to Codespaces and not Remote Tunnels. I will close this issue since it's fixed for Codespaces, but I will open another issue for Remote Tunnels.