TylerLeonhardt
commented
1 month ago @jianyexi can you tell me more about the scopes you are requesting?
Open jianyexi opened 1 month ago
TylerLeonhardt
commented
1 month ago @jianyexi can you tell me more about the scopes you are requesting?
jianyexi
commented
1 month ago @TylerLeonhardt below are scopes our extension will use: 'https://management.azure.com/.default', 'https://datalake.azure.net//.default', 'https://analysis.windows.net/powerbi/api/user_impersonation', 'https://storage.azure.com/user_impersonation', 'https://storage.azure.com/.default',
jianyexi
commented
1 month ago The 'scopes' I used in the description indicates the first argument of this vscode api authentication.getSession https://code.visualstudio.com/api/references/vscode-api#authentication
TylerLeonhardt
commented
2 weeks ago We should still get confirmation from the user (for security reasons) but I agree that there should be less prompts. This happens because of this: https://github.com/microsoft/vscode/blob/fd5bc1eca4f007412c0d3c487519fa9031f4dddc/src/vs/workbench/services/authentication/browser/authenticationExtensionsService.ts#L139-L179
Which operates per set of scopes. We should instead have this not have anything to do with scopes.
Currently, if an extension try get the session from the built-in authentication provider (authentication.getSession) , the first time, VsCode will prompt an notification (the extension xxx want to sign in / access a Microsoft account ) to let user confirm. This brings bad experience when an extension want to get session for multiple scopes, as the user need to confirm multiple time (each scope a confirmation). I think we can provide a whitelist of extensions (at least for microsoft internal extension) to bypass it or we can only prompt once for the same microsoft account