@microsoft/vscode-azext-azureauth 1.1.2 → 1.2.1

package/README.md

@@ -2,7 +2,7 @@
 
 [![Build Status](https://dev.azure.com/ms-azuretools/AzCode/_apis/build/status/vscode-azuretools)](https://dev.azure.com/ms-azuretools/AzCode/_build/latest?definitionId=17)
 
-This package provides a simple way to authenticate to Azure and receive Azure subscription information.
+This package provides a simple way to authenticate to Azure and receive Azure subscription information. It uses the [built-in Microsoft Authentication extension](https://github.com/microsoft/vscode/tree/main/extensions/microsoft-authentication) and does not rely on the [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account) in any way.
 
 ## Azure Subscription Provider
 
@@ -13,6 +13,14 @@ The `AzureSubscriptionProvider` interface describes the functions of this packag
  * An interface for obtaining Azure subscription information
  */
 export interface AzureSubscriptionProvider {
+    /**
+     * Gets a list of tenants available to the user.
+     * Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
+     *
+     * @returns A list of tenants.
+     */
+    getTenants(): Promise<TenantIdDescription[]>;
+
     /**
      * Gets a list of Azure subscriptions available to the user.
      *
@@ -30,16 +38,20 @@ export interface AzureSubscriptionProvider {
     /**
      * Checks to see if a user is signed in.
      *
+     * @param tenantId (Optional) Provide to check if a user is signed in to a specific tenant.
+     *
      * @returns True if the user is signed in, false otherwise.
      */
-    isSignedIn(): Promise<boolean>;
+    isSignedIn(tenantId?: string): Promise<boolean>;
 
     /**
      * Asks the user to sign in or pick an account to use.
      *
+     * @param tenantId (Optional) Provide to sign in to a specific tenant.
+     *
      * @returns True if the user is signed in, false otherwise.
      */
-    signIn(): Promise<boolean>;
+    signIn(tenantId?: string): Promise<boolean>;
 
     /**
      * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
@@ -88,6 +100,12 @@ export declare function getConfiguredAzureEnv(): azureEnv.Environment & {
 export declare function setConfiguredAzureEnv(cloud: string | azureEnv.EnvironmentParameters, target?: vscode.ConfigurationTarget): Promise<void>;
 ```
 
+## Logs
+
+View the Microsoft Authentication extension logs by running the `Developer: Show Logs...` command from the VS Code command palette.
+
+Change the log level by running the `Developer: Set Log Level...` command from the VS Code command palette. Select `Microsoft Authentication` from the list of loggers and then select the desired log level.
+
 ## License
 
 [MIT](LICENSE.md)

package/out/src/AzureSubscriptionProvider.d.ts

@@ -1,9 +1,17 @@
 import type * as vscode from 'vscode';
 import type { AzureSubscription } from './AzureSubscription';
+import { TenantIdDescription } from '@azure/arm-subscriptions';
 /**
  * An interface for obtaining Azure subscription information
  */
 export interface AzureSubscriptionProvider {
+    /**
+     * Gets a list of tenants available to the user.
+     * Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
+     *
+     * @returns A list of tenants.
+     */
+    getTenants(): Promise<TenantIdDescription[]>;
     /**
      * Gets a list of Azure subscriptions available to the user.
      *
@@ -20,15 +28,19 @@ export interface AzureSubscriptionProvider {
     /**
      * Checks to see if a user is signed in.
      *
+     * @param tenantId (Optional) Provide to check if a user is signed in to a specific tenant.
+     *
      * @returns True if the user is signed in, false otherwise.
      */
-    isSignedIn(): Promise<boolean>;
+    isSignedIn(tenantId?: string): Promise<boolean>;
     /**
      * Asks the user to sign in or pick an account to use.
      *
+     * @param tenantId (Optional) Provide to sign in to a specific tenant.
+     *
      * @returns True if the user is signed in, false otherwise.
      */
-    signIn(): Promise<boolean>;
+    signIn(tenantId?: string): Promise<boolean>;
     /**
      * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
      */

package/out/src/VSCodeAzureSubscriptionProvider.d.ts

@@ -1,3 +1,4 @@
+import type { TenantIdDescription } from '@azure/arm-subscriptions';
 import * as vscode from 'vscode';
 import type { AzureSubscription, SubscriptionId, TenantId } from './AzureSubscription';
 import type { AzureSubscriptionProvider } from './AzureSubscriptionProvider';
@@ -12,6 +13,13 @@ export declare class VSCodeAzureSubscriptionProvider extends vscode.Disposable i
     private readonly onDidSignOutEmitter;
     private lastSignOutEventFired;
     constructor();
+    /**
+     * Gets a list of tenants available to the user.
+     * Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
+     *
+     * @returns A list of tenants.
+     */
+    getTenants(): Promise<TenantIdDescription[]>;
     /**
      * Gets a list of Azure subscriptions available to the user.
      *
@@ -28,15 +36,19 @@ export declare class VSCodeAzureSubscriptionProvider extends vscode.Disposable i
     /**
      * Checks to see if a user is signed in.
      *
+     * @param tenantId (Optional) Provide to check if a user is signed in to a specific tenant.
+     *
      * @returns True if the user is signed in, false otherwise.
      */
-    isSignedIn(): Promise<boolean>;
+    isSignedIn(tenantId?: string): Promise<boolean>;
     /**
      * Asks the user to sign in or pick an account to use.
      *
+     * @param tenantId (Optional) Provide to sign in to a specific tenant.
+     *
      * @returns True if the user is signed in, false otherwise.
      */
-    signIn(): Promise<boolean>;
+    signIn(tenantId?: string): Promise<boolean>;
     /**
      * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
      */
@@ -71,12 +83,6 @@ export declare class VSCodeAzureSubscriptionProvider extends vscode.Disposable i
      * @returns A list of subscription IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
      */
     protected getSubscriptionFilters(): Promise<SubscriptionId[]>;
-    /**
-     * Gets the tenants available to a user.
-     *
-     * @returns The list of tenants visible to the user.
-     */
-    private getTenants;
     /**
      * Gets the subscriptions for a given tenant.
      *
@@ -93,13 +99,16 @@ export declare class VSCodeAzureSubscriptionProvider extends vscode.Disposable i
      * @returns A client, the credential used by the client, and the authentication function
      */
     private getSubscriptionClient;
+    private getToken;
     /**
-     * Gets a normalized list of scopes
+     * Gets a normalized list of scopes. If no scopes are provided, the return value of {@link getDefaultScope} is used.
+     *
+     * Only supports top-level resource scopes (e.g. http://management.azure.com, http://storage.azure.com) or .default scopes.
+     *
+     * All resources/scopes will be normalized to the `.default` scope for each resource.
      *
      * @param scopes An input scope string, list, or undefined
      * @param tenantId (Optional) The tenant ID, will be added to the scopes
-     *
-     * @returns A list of scopes, with the default scope and (optionally) the tenant scope added
      */
     private getScopes;
     /**
@@ -108,5 +117,5 @@ export declare class VSCodeAzureSubscriptionProvider extends vscode.Disposable i
      *
      * @returns The default Azure scopes required
      */
-    private getDefaultScopes;
+    private getDefaultScope;
 }

package/out/src/VSCodeAzureSubscriptionProvider.js

@@ -21,6 +21,7 @@ var __asyncValues = (this && this.__asyncValues) || function (o) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VSCodeAzureSubscriptionProvider = void 0;
+const cross_fetch_1 = require("cross-fetch");
 const vscode = require("vscode");
 const NotSignedInError_1 = require("./NotSignedInError");
 const configuredAzureEnv_1 = require("./utils/configuredAzureEnv");
@@ -66,6 +67,22 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
          */
         this.onDidSignOut = this.onDidSignOutEmitter.event;
     }
+    /**
+     * Gets a list of tenants available to the user.
+     * Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
+     *
+     * @returns A list of tenants.
+     */
+    getTenants() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const listTenantsResponse = yield (0, cross_fetch_1.default)('https://management.azure.com/tenants?api-version=2022-12-01', {
+                headers: {
+                    Authorization: `Bearer ${yield this.getToken()}`,
+                }
+            });
+            return (yield listTenantsResponse.json()).value;
+        });
+    }
     /**
      * Gets a list of Azure subscriptions available to the user.
      *
@@ -95,6 +112,10 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
                     if (shouldFilterTenants && !tenantIds.includes(tenantId)) {
                         continue;
                     }
+                    // If the user is not signed in to this tenant, then skip it
+                    if (!(yield this.isSignedIn(tenantId))) {
+                        continue;
+                    }
                     // For each tenant, get the list of subscriptions
                     for (const subscription of yield this.getSubscriptionsForTenant(tenantId)) {
                         // If filtering is enabled, and the current subscription is not in that list, then skip it
@@ -114,22 +135,26 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
     /**
      * Checks to see if a user is signed in.
      *
+     * @param tenantId (Optional) Provide to check if a user is signed in to a specific tenant.
+     *
      * @returns True if the user is signed in, false otherwise.
      */
-    isSignedIn() {
+    isSignedIn(tenantId) {
         return __awaiter(this, void 0, void 0, function* () {
-            const session = yield vscode.authentication.getSession((0, configuredAzureEnv_1.getConfiguredAuthProviderId)(), this.getDefaultScopes(), { createIfNone: false, silent: true });
+            const session = yield vscode.authentication.getSession((0, configuredAzureEnv_1.getConfiguredAuthProviderId)(), this.getScopes([], tenantId), { createIfNone: false, silent: true });
             return !!session;
         });
     }
     /**
      * Asks the user to sign in or pick an account to use.
      *
+     * @param tenantId (Optional) Provide to sign in to a specific tenant.
+     *
      * @returns True if the user is signed in, false otherwise.
      */
-    signIn() {
+    signIn(tenantId) {
         return __awaiter(this, void 0, void 0, function* () {
-            const session = yield vscode.authentication.getSession((0, configuredAzureEnv_1.getConfiguredAuthProviderId)(), this.getDefaultScopes(), { createIfNone: true, clearSessionPreference: true });
+            const session = yield vscode.authentication.getSession((0, configuredAzureEnv_1.getConfiguredAuthProviderId)(), this.getScopes([], tenantId), { createIfNone: true, clearSessionPreference: true });
             return !!session;
         });
     }
@@ -173,39 +198,6 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
             return fullSubscriptionIds.map(id => id.split('/')[1]);
         });
     }
-    /**
-     * Gets the tenants available to a user.
-     *
-     * @returns The list of tenants visible to the user.
-     */
-    getTenants() {
-        var _a, e_1, _b, _c;
-        return __awaiter(this, void 0, void 0, function* () {
-            const { client } = yield this.getSubscriptionClient();
-            const tenants = [];
-            try {
-                for (var _d = true, _e = __asyncValues(client.tenants.list()), _f; _f = yield _e.next(), _a = _f.done, !_a;) {
-                    _c = _f.value;
-                    _d = false;
-                    try {
-                        const tenant = _c;
-                        tenants.push(tenant);
-                    }
-                    finally {
-                        _d = true;
-                    }
-                }
-            }
-            catch (e_1_1) { e_1 = { error: e_1_1 }; }
-            finally {
-                try {
-                    if (!_d && !_a && (_b = _e.return)) yield _b.call(_e);
-                }
-                finally { if (e_1) throw e_1.error; }
-            }
-            return tenants;
-        });
-    }
     /**
      * Gets the subscriptions for a given tenant.
      *
@@ -214,7 +206,7 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
      * @returns The list of subscriptions for the tenant.
      */
     getSubscriptionsForTenant(tenantId) {
-        var _a, e_2, _b, _c;
+        var _a, e_1, _b, _c;
         return __awaiter(this, void 0, void 0, function* () {
             const { client, credential, authentication } = yield this.getSubscriptionClient(tenantId);
             const environment = (0, configuredAzureEnv_1.getConfiguredAzureEnv)();
@@ -242,12 +234,12 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
                     }
                 }
             }
-            catch (e_2_1) { e_2 = { error: e_2_1 }; }
+            catch (e_1_1) { e_1 = { error: e_1_1 }; }
             finally {
                 try {
                     if (!_d && !_a && (_b = _e.return)) yield _b.call(_e);
                 }
-                finally { if (e_2) throw e_2.error; }
+                finally { if (e_1) throw e_1.error; }
             }
             return subscriptions;
         });
@@ -262,17 +254,17 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
     getSubscriptionClient(tenantId) {
         return __awaiter(this, void 0, void 0, function* () {
             const armSubs = yield Promise.resolve().then(() => require('@azure/arm-subscriptions'));
-            // This gets filled in when the client calls `getToken`, and then it can be returned in the `authentication` property of `AzureSubscription`
-            let session;
+            const getSession = (scopes) => __awaiter(this, void 0, void 0, function* () {
+                const session = yield vscode.authentication.getSession((0, configuredAzureEnv_1.getConfiguredAuthProviderId)(), this.getScopes(scopes, tenantId), { createIfNone: false, silent: true });
+                if (!session) {
+                    throw new NotSignedInError_1.NotSignedInError();
+                }
+                return session;
+            });
             const credential = {
                 getToken: (scopes) => __awaiter(this, void 0, void 0, function* () {
-                    // TODO: if possible, change to `getSessions` when that API is available: https://github.com/microsoft/vscode/issues/152399
-                    session = yield vscode.authentication.getSession((0, configuredAzureEnv_1.getConfiguredAuthProviderId)(), this.getScopes(scopes, tenantId), { createIfNone: false, silent: true });
-                    if (!session) {
-                        throw new NotSignedInError_1.NotSignedInError();
-                    }
                     return {
-                        token: session.accessToken,
+                        token: (yield getSession(this.getScopes(scopes, tenantId))).accessToken,
                         expiresOnTimestamp: 0
                     };
                 })
@@ -281,28 +273,44 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
                 client: new armSubs.SubscriptionClient(credential),
                 credential: credential,
                 authentication: {
-                    getSession: () => session // Rewrapped to make TS not confused about the weird initialization pattern
+                    getSession
                 }
             };
         });
     }
+    getToken(tenantId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const session = yield vscode.authentication.getSession((0, configuredAzureEnv_1.getConfiguredAuthProviderId)(), this.getScopes([], tenantId), { createIfNone: false, silent: true });
+            if (!session) {
+                throw new NotSignedInError_1.NotSignedInError();
+            }
+            return session.accessToken;
+        });
+    }
     /**
-     * Gets a normalized list of scopes
+     * Gets a normalized list of scopes. If no scopes are provided, the return value of {@link getDefaultScope} is used.
+     *
+     * Only supports top-level resource scopes (e.g. http://management.azure.com, http://storage.azure.com) or .default scopes.
+     *
+     * All resources/scopes will be normalized to the `.default` scope for each resource.
      *
      * @param scopes An input scope string, list, or undefined
      * @param tenantId (Optional) The tenant ID, will be added to the scopes
-     *
-     * @returns A list of scopes, with the default scope and (optionally) the tenant scope added
      */
     getScopes(scopes, tenantId) {
-        const scopeSet = new Set(this.getDefaultScopes());
-        // If `.default` is passed in, it will be ignored, in favor of the correct default added by `getDefaultScopes`
-        if (typeof scopes === 'string' && scopes !== '.default') {
-            scopeSet.add(scopes);
-        }
-        else if (Array.isArray(scopes)) {
-            scopes.filter(scope => scope !== '.default').forEach(scope => scopeSet.add(scope));
+        if (scopes === undefined || scopes === "" || scopes.length === 0) {
+            scopes = this.getDefaultScope();
         }
+        const arrScopes = (Array.isArray(scopes) ? scopes : [scopes])
+            .map((scope) => {
+            if (scope.endsWith('.default')) {
+                return scope;
+            }
+            else {
+                return `${scope}.default`;
+            }
+        });
+        const scopeSet = new Set(arrScopes);
         if (tenantId) {
             scopeSet.add(`VSCODE_TENANT:${tenantId}`);
         }
@@ -314,8 +322,8 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
      *
      * @returns The default Azure scopes required
      */
-    getDefaultScopes() {
-        return [`${(0, configuredAzureEnv_1.getConfiguredAzureEnv)().resourceManagerEndpointUrl}.default`];
+    getDefaultScope() {
+        return `${(0, configuredAzureEnv_1.getConfiguredAzureEnv)().resourceManagerEndpointUrl}.default`;
     }
 }
 exports.VSCodeAzureSubscriptionProvider = VSCodeAzureSubscriptionProvider;

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@microsoft/vscode-azext-azureauth",
     "author": "Microsoft Corporation",
-    "version": "1.1.2",
+    "version": "1.2.1",
     "description": "Azure authentication helpers for Visual Studio Code",
     "tags": [
         "azure",
@@ -52,6 +52,7 @@
     },
     "dependencies": {
         "@azure/arm-subscriptions": "^5.1.0",
-        "@azure/ms-rest-azure-env": "^2.0.0"
+        "@azure/ms-rest-azure-env": "^2.0.0",
+        "cross-fetch": "^4.0.0"
     }
 }