Open
Description
- VS Code Version: 1.64.2
- Azure Account Extension Version: v0.10.0
- OS Version: Windows_NT x64 10.0.19044
Steps to Reproduce:
We're having a extension which uses the Azure Account Extension as a dependency. With the new version v0.10.0 some users (but not all) in our tenant get the following error:
When those users downgrade to v0.9.11 the issue does not happen. Signing in and out again didn't help. Deleting the credentials stored in the Windows credential store also didn't.
Our extension uses the following snippet to get tokens:
const apiAzureAccount = vscode.extensions.getExtension<AzureAccountExtensionApi>('ms-vscode.azure-account')!.exports;
if (!(await apiAzureAccount.waitForLogin())) {
await vscode.commands.executeCommand('azure-account.askForLogin');
}
const credential = new VisualStudioCodeCredential();
var token = await credential.getToken(tokenAudience, { tenantId: tenantID });
Activity
lippertmarkus commentedon Feb 15, 2022
The following process seems to work for us:
wwlorey commentedon Feb 16, 2022
Hi @lippertmarkus, thanks for filing. What is the
Azure: Authentication Librarysetting for the effected users? Also, are the OS and VS Code versions you listed the only versions you ran into this problem with?Unfortunately I'm unable to reproduce this issue after creating a sample extension and using the API in the way you described. I tried on Mac and Windows using VS Code versions 1.65.0-insider and 1.64.2 respectively.
lippertmarkus commentedon Feb 16, 2022
@wwlorey I checked a few affected users, and they all had
ADALset as authentication library, but many other users who don't have the problem also hadADALset here. Also switching the affected users toMSALdidn't help with the issue. The only thing that helped is the process I mentioned in my last comment.wwlorey commentedon Feb 16, 2022
Thanks, @lippertmarkus. Do you know if those users are signing in with a tenant ID other than the default? Or if they're using a cloud other than general Azure (such as Azure China or Azure Germany)?
lippertmarkus commentedon Feb 17, 2022
All affected and non-affected users are using the same tenant ID and general Azure.
lippertmarkus commentedon Feb 17, 2022
It seems like authentication information stored by
v0.10.0is invalid or can't be retrieved. Today I tried using another account B in another tenant and tried using Sign Out and Sign In withv0.10.0again. The status bar showed that I would be logged in with the correct account B butcredential.getToken()still gave me tokens for account A I was logged in with before.Again I needed to downgrade to
v0.9.11and sign out/sign in with this version to make it work.GusteB commentedon Feb 22, 2022
I assume we identified the issue.
Visual Studio Code Azure Account extension version 0.10.0 stores refresh token under a new name 'vscodems-vscode.azure-account' in Windows credential manager. Previously the name was 'VS Code Azure'. What happens is
@azure/identitylibrary is looking for credentials under the wrong name usingkeytarmethodgetPassword.Below are screenshots for credential manager.
v0.9.11:v0.10.0:VisualStudioCodeCredentialusing v0.10.0 of the Azure Account Extension results in an error Azure/azure-sdk-for-js#20500wwlorey commentedon Feb 23, 2022
Thanks, @GusteB that is very helpful. I filed Azure/azure-sdk-for-js#20500 to track this issue.
30 remaining items