diff --git a/extensions/microsoft-authentication/package.json b/extensions/microsoft-authentication/package.json
index 928ffa6888990..4170a7787cfa7 100644
--- a/extensions/microsoft-authentication/package.json
+++ b/extensions/microsoft-authentication/package.json
@@ -115,6 +115,23 @@
 "tags": [
 "onExP"
 ]
+ },
+ "microsoft-authentication.clientIdVersion": {
+ "type": "string",
+ "default": "v1",
+ "enum": [
+ "v2",
+ "v1"
+ ],
+ "enumDescriptions": [
+ "%microsoft-authentication.clientIdVersion.enumDescriptions.v2%",
+ "%microsoft-authentication.clientIdVersion.enumDescriptions.v1%"
+ ],
+ "markdownDescription": "%microsoft-authentication.clientIdVersion.description%",
+ "tags": [
+ "onExP",
+ "experimental"
+ ]
 }
 }
 }
diff --git a/extensions/microsoft-authentication/package.nls.json b/extensions/microsoft-authentication/package.nls.json
index c8e0189c08f9e..ece95ac75c308 100644
--- a/extensions/microsoft-authentication/package.nls.json
+++ b/extensions/microsoft-authentication/package.nls.json
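Review bot: The `microsoft-authentication.clientIdVersion` contribution declares no `scope`, so VS Code applies its default of `window` and the value can be set from a workspace's `.vscode/settings.json` as well as from user settings. Because this setting decides which OAuth client ID and default tenant the sign-in flow uses, it is safer to let only user settings supply it: add `"scope": "application"` next to `"default": "v1"`. Whether the neighbouring `implementation` setting is scoped this way is not visible in this hunk.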
@@ -12,6 +12,9 @@
 },
 "microsoft-authentication.implementation.enumDescriptions.msal": "Use the Microsoft Authentication Library (MSAL) to sign in with a Microsoft account.",
 "microsoft-authentication.implementation.enumDescriptions.classic": "(deprecated) Use the classic authentication flow to sign in with a Microsoft account.",
+ "microsoft-authentication.clientIdVersion.description": "The version of the Microsoft Account client ID to use for signing in with a Microsoft account. Only change this if you have been asked to. The default is `v1`.",
+ "microsoft-authentication.clientIdVersion.enumDescriptions.v1": "Use the v1 Microsoft Account client ID to sign in with a Microsoft account.",
+ "microsoft-authentication.clientIdVersion.enumDescriptions.v2": "Use the v2 Microsoft Account client ID to sign in with a Microsoft account.",
 "microsoft-sovereign-cloud.environment.description": {
 "message": "The Sovereign Cloud to use for authentication. If you select `custom`, you must also set the `#microsoft-sovereign-cloud.customEnvironment#` setting.",
 "comment": [
diff --git a/extensions/microsoft-authentication/src/common/scopeData.ts b/extensions/microsoft-authentication/src/common/scopeData.ts
index 4432abfed435a..a43f2c431dd44 100644
--- a/extensions/microsoft-authentication/src/common/scopeData.ts
+++ b/extensions/microsoft-authentication/src/common/scopeData.ts
@@ -3,14 +3,21 @@ * Licensed under the MIT License. See License.txt in the project root for license information. *--------------------------------------------------------------------------------------------*/ -const DEFAULT_CLIENT_ID = 'aebc6443-996d-45c2-90f0-388ff96faa56'; -const DEFAULT_TENANT = 'organizations'; +import { workspace } from 'vscode'; + +const DEFAULT_CLIENT_ID_V1 = 'aebc6443-996d-45c2-90f0-388ff96faa56'; +const DEFAULT_TENANT_V1 = 'organizations'; +const DEFAULT_CLIENT_ID_V2 = 'c27c220f-ce2f-4904-927d-333864217eeb'; +const DEFAULT_TENANT_V2 = 'common'; const OIDC_SCOPES = ['openid', 'email', 'profile', 'offline_access']; const GRAPH_TACK_ON_SCOPE = 'User.Read'; export class ScopeData { + private readonly _defaultClientId: string; + private readonly _defaultTenant: string; + /** * The full list of scopes including: * * the original scopes passed to the constructor @@ -40,6 +47,14 @@ export class ScopeData { readonly tenant: string; constructor(readonly originalScopes: readonly string[] = []) { + if (workspace.getConfiguration('microsoft-authentication').get<'v1' | 'v2'>('clientIdVersion') === 'v2') { + this._defaultClientId = DEFAULT_CLIENT_ID_V2; + this._defaultTenant = DEFAULT_TENANT_V2; + } else { + this._defaultClientId = DEFAULT_CLIENT_ID_V1; + this._defaultTenant = DEFAULT_TENANT_V1; + } + const modifiedScopes = [...originalScopes]; modifiedScopes.sort(); this.allScopes = modifiedScopes; @@ -55,7 +70,7 @@ export class ScopeData { return current.split('VSCODE_CLIENT_ID:')[1]; } return prev; - }, undefined) ?? DEFAULT_CLIENT_ID; + }, undefined) ?? this._defaultClientId; } private getTenantId(scopes: string[]) { @@ -64,7 +79,7 @@ export class ScopeData { return current.split('VSCODE_TENANT:')[1]; } return prev; - }, undefined) ?? DEFAULT_TENANT; + }, undefined) ?? this._defaultTenant; } private getScopesToSend(scopes: string[]) { 
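Review bot: The two V2 constants need a comment, because they change more than the application ID: `DEFAULT_TENANT_V2` is `'common'` where V1 uses `'organizations'`, and on the Microsoft identity platform the `common` endpoint accepts personal Microsoft accounts in addition to work and school accounts. I would put `// v2 pairs its client ID with the 'common' tenant, which also admits personal Microsoft accounts; v1 stays on 'organizations' (work/school only).` above `DEFAULT_CLIENT_ID_V2`. If that wider sign-in audience is not intended for callers that pass no `VSCODE_TENANT:` scope, it is worth confirming before the setting is enabled more broadly.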
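Review bot: The constructor reads `clientIdVersion` from live configuration on every `new ScopeData(...)`, while `activate()` in `extension.ts` snapshots the value once and compares against that snapshot when settings change. After the setting is edited and before the extension is reloaded, instances built earlier and later can carry different `clientId`/`tenant` defaults, so anything keyed on those values may stop matching; how the handler reacts is outside this diff, so that window may be short. Resolving the version once at activation and handing it to `ScopeData` would close the gap and would also remove the new `vscode` import from this `common/` module. At minimum, pass the same default as the other call sites: `.get<'v1' | 'v2'>('clientIdVersion', 'v1')`.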
diff --git a/extensions/microsoft-authentication/src/extension.ts b/extensions/microsoft-authentication/src/extension.ts index c11f108764169..bd32a82290a64 100644 --- a/extensions/microsoft-authentication/src/extension.ts +++ b/extensions/microsoft-authentication/src/extension.ts @@ -38,8 +38,8 @@ function shouldUseMsal(expService: IExperimentationService): boolean { // If no setting or experiment value is found, default to true return true; } -let useMsal: boolean | undefined; +let useMsal: boolean | undefined; export async function activate(context: ExtensionContext) { const mainTelemetryReporter = new MicrosoftAuthenticationTelemetryReporter(context.extension.packageJSON.aiKey); const expService = await createExperimentationService( @@ -48,9 +48,14 @@ export async function activate(context: ExtensionContext) { env.uriScheme !== 'vscode', // isPreRelease ); useMsal = shouldUseMsal(expService); + const clientIdVersion = workspace.getConfiguration('microsoft-authentication').get<'v1' | 'v2'>('clientIdVersion', 'v1'); context.subscriptions.push(workspace.onDidChangeConfiguration(async e => { - if (!e.affectsConfiguration('microsoft-authentication.implementation') || useMsal === shouldUseMsal(expService)) { + if (!e.affectsConfiguration('microsoft-authentication')) { + return; + } + + if (useMsal === shouldUseMsal(expService) && clientIdVersion === workspace.getConfiguration('microsoft-authentication').get<'v1' | 'v2'>('clientIdVersion', 'v1')) { return; }
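Review bot: The lookup `workspace.getConfiguration('microsoft-authentication').get<'v1' | 'v2'>('clientIdVersion', 'v1')` is written out twice in `activate()` and a third time, without the default, in the `ScopeData` constructor. The type argument is only a compile-time assertion, so a hand-edited settings file can return any string; a small helper such as `getClientIdVersion()` that returns `'v2'` only for that exact value and `'v1'` otherwise would give all three call sites one definition. The body of the configuration handler continues past the end of this hunk.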