npm - @microsoft/vscode-azext-azureauth - Versions diffs - 4.2.2 → 5.1.0 - Mend

@microsoft/vscode-azext-azureauth 4.2.2 → 5.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

package/{out → dist/esm}/src/AzureTenant.d.ts RENAMED Viewed

@@ -1,5 +1,5 @@
-import { TenantIdDescription } from "@azure/arm-resources-subscriptions";
-import * as vscode from 'vscode';
+import type { TenantIdDescription } from "@azure/arm-resources-subscriptions";
+import type * as vscode from 'vscode';
 export interface AzureTenant extends TenantIdDescription {
     account: vscode.AuthenticationSessionAccountInformation;
 }

package/dist/esm/src/AzureTenant.js ADDED Viewed

@@ -0,0 +1,6 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+export {};
+//# sourceMappingURL=AzureTenant.js.map

package/{out → dist/esm}/src/NotSignedInError.js RENAMED Viewed

@@ -1,22 +1,17 @@
-"use strict";
 /*---------------------------------------------------------------------------------------------
  *  Copyright (c) Microsoft Corporation. All rights reserved.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.NotSignedInError = void 0;
-exports.isNotSignedInError = isNotSignedInError;
-const vscode = require("vscode");
+import * as vscode from 'vscode';
 /**
  * An error indicating the user is not signed in.
  */
-class NotSignedInError extends Error {
+export class NotSignedInError extends Error {
+    isNotSignedInError = true;
     constructor() {
         super(vscode.l10n.t('You are not signed in to an Azure account. Please sign in.'));
-        this.isNotSignedInError = true;
     }
 }
-exports.NotSignedInError = NotSignedInError;
 /**
  * Tests if an object is a `NotSignedInError`. This should be used instead of `instanceof`.
  *
@@ -24,7 +19,7 @@ exports.NotSignedInError = NotSignedInError;
  *
  * @returns True if the object is a NotSignedInError, false otherwise
  */
-function isNotSignedInError(error) {
+export function isNotSignedInError(error) {
     return !!error && typeof error === 'object' && error.isNotSignedInError === true;
 }
 //# sourceMappingURL=NotSignedInError.js.map

package/{out → dist/esm}/src/VSCodeAzureSubscriptionProvider.d.ts RENAMED Viewed

@@ -1,19 +1,22 @@
 import * as vscode from 'vscode';
 import { AzureSubscription, SubscriptionId, TenantId } from './AzureSubscription';
-import { AzureSubscriptionProvider, GetSubscriptionsFilter } from './AzureSubscriptionProvider';
-import { AzureTenant } from './AzureTenant';
+import type { AzureSubscriptionProvider, GetSubscriptionsFilter } from './AzureSubscriptionProvider';
+import type { AzureTenant } from './AzureTenant';
 /**
  * A class for obtaining Azure subscription information using VSCode's built-in authentication
  * provider.
  */
-export declare class VSCodeAzureSubscriptionProvider extends vscode.Disposable implements AzureSubscriptionProvider {
+export declare class VSCodeAzureSubscriptionProvider implements AzureSubscriptionProvider, vscode.Disposable {
     private readonly logger?;
-    private readonly onDidSignInEmitter;
     private lastSignInEventFired;
     private suppressSignInEvents;
-    private readonly onDidSignOutEmitter;
     private lastSignOutEventFired;
+    private priorAccounts;
     constructor(logger?: vscode.LogOutputChannel | undefined);
+    onDidSignIn(callback: () => any, thisArg?: any, disposables?: vscode.Disposable[]): vscode.Disposable;
+    onDidSignOut(callback: () => any, thisArg?: any, disposables?: vscode.Disposable[]): vscode.Disposable;
+    private onDidChangeSessions;
+    dispose(): void;
     /**
      * Gets a list of tenants available to the user.
      * Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
@@ -62,20 +65,12 @@ export declare class VSCodeAzureSubscriptionProvider extends vscode.Disposable i
      * @returns True if the user is signed in, false otherwise.
      */
     signIn(tenantId?: string, account?: vscode.AuthenticationSessionAccountInformation): Promise<boolean>;
-    /**
-     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
-     */
-    readonly onDidSignIn: vscode.Event<void>;
     /**
      * Signs the user out
      *
      * @deprecated Not currently supported by VS Code auth providers
      */
     signOut(): Promise<void>;
-    /**
-     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
-     */
-    readonly onDidSignOut: vscode.Event<void>;
     /**
      * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
      * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`

package/dist/esm/src/VSCodeAzureSubscriptionProvider.js ADDED Viewed

@@ -0,0 +1,348 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+import * as vscode from 'vscode';
+import { getSessionFromVSCode } from './getSessionFromVSCode';
+import { NotSignedInError } from './NotSignedInError';
+import { getConfiguredAuthProviderId, getConfiguredAzureEnv } from './utils/configuredAzureEnv';
+import { isAuthenticationWwwAuthenticateRequest } from './utils/isAuthenticationWwwAuthenticateRequest';
+import { isGetSubscriptionsAccountFilter, isGetSubscriptionsTenantFilter } from './utils/isGetSubscriptionsFilter';
+const EventDebounce = 5 * 1000; // 5 seconds
+let armSubs;
+/**
+ * A class for obtaining Azure subscription information using VSCode's built-in authentication
+ * provider.
+ */
+export class VSCodeAzureSubscriptionProvider {
+    logger;
+    lastSignInEventFired = 0;
+    suppressSignInEvents = false;
+    lastSignOutEventFired = 0;
+    priorAccounts;
+    // So that customers can easily share logs, try to only log PII using trace level
+    constructor(logger) {
+        this.logger = logger;
+        // Load accounts initially, then onDidChangeSessions can compare against them
+        void vscode.authentication.getAccounts(getConfiguredAuthProviderId()).then(accounts => {
+            this.priorAccounts = Array.from(accounts); // The Array.from is to get rid of the readonly marker on the array returned by the API
+        });
+    }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    onDidSignIn(callback, thisArg, disposables) {
+        return this.onDidChangeSessions(true, callback, thisArg, disposables);
+    }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    onDidSignOut(callback, thisArg, disposables) {
+        return this.onDidChangeSessions(false, callback, thisArg, disposables);
+    }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    onDidChangeSessions(signIn, callback, thisArg, disposables) {
+        const isASignInEvent = async () => {
+            const currentAccounts = Array.from(await vscode.authentication.getAccounts(getConfiguredAuthProviderId())); // The Array.from is to get rid of the readonly marker on the array returned by the API
+            const priorAccountCount = this.priorAccounts?.length ?? 0;
+            this.priorAccounts = currentAccounts;
+            // The only way a sign out happens is if an account is removed entirely from the list of accounts
+            if (currentAccounts.length === 0 || currentAccounts.length < priorAccountCount) {
+                return false;
+            }
+            return true;
+        };
+        const wrappedCallback = () => {
+            const immediate = setImmediate(() => {
+                clearImmediate(immediate);
+                void callback.call(thisArg);
+            });
+        };
+        const disposable = vscode.authentication.onDidChangeSessions(async (e) => {
+            // Ignore any sign in that isn't for the configured auth provider
+            if (e.provider.id !== getConfiguredAuthProviderId()) {
+                return;
+            }
+            if (signIn) {
+                if (this.suppressSignInEvents || Date.now() < this.lastSignInEventFired + EventDebounce) {
+                    return;
+                }
+                else if (await isASignInEvent()) {
+                    this.lastSignInEventFired = Date.now();
+                    wrappedCallback();
+                }
+            }
+            else {
+                if (Date.now() < this.lastSignOutEventFired + EventDebounce) {
+                    return;
+                }
+                else if (!await isASignInEvent()) {
+                    this.lastSignOutEventFired = Date.now();
+                    wrappedCallback();
+                }
+            }
+        });
+        disposables?.push(disposable);
+        return disposable;
+    }
+    dispose() {
+        // No-op, this class no longer has disposables
+    }
+    /**
+     * Gets a list of tenants available to the user.
+     * Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
+     *
+     * @param account (Optional) A specific account to get tenants for. If not provided, all accounts will be used.
+     *
+     * @returns A list of tenants.
+     */
+    async getTenants(account) {
+        const startTimeMs = Date.now();
+        const results = [];
+        for await (account of account ? [account] : await vscode.authentication.getAccounts(getConfiguredAuthProviderId())) {
+            // Added check. Without this the getSubscriptionClient function throws the NotSignedInError
+            if (await this.isSignedIn(undefined, account)) {
+                const { client } = await this.getSubscriptionClient(account, undefined, undefined);
+                for await (const tenant of client.tenants.list()) {
+                    results.push({ ...tenant, account });
+                }
+            }
+        }
+        const endTimeMs = Date.now();
+        this.logger?.debug(`auth: Got ${results.length} tenants for account "${account?.label}" in ${endTimeMs - startTimeMs}ms`);
+        return results;
+    }
+    /**
+     * Gets a list of Azure subscriptions available to the user.
+     *
+     * @param filter - Whether to filter the list returned. When:
+     * - `true`: according to the list returned by `getTenantFilters()` and `getSubscriptionFilters()`.
+     * - `false`: return all subscriptions.
+     * - `GetSubscriptionsFilter`: according to the values in the filter.
+     *
+     * Optional, default true.
+     *
+     * @returns A list of Azure subscriptions. The list is sorted by subscription name.
+     * The list can contain duplicate subscriptions if they come from different accounts.
+     *
+     * @throws A {@link NotSignedInError} If the user is not signed in to Azure.
+     * Use {@link isSignedIn} and/or {@link signIn} before this method to ensure
+     * the user is signed in.
+     */
+    async getSubscriptions(filter = true) {
+        this.logger?.debug('auth: Loading subscriptions...');
+        const startTime = Date.now();
+        let tenantIdsToFilterBy;
+        if (isGetSubscriptionsTenantFilter(filter)) {
+            // Only filter by the tenant ID option if it is provided
+            tenantIdsToFilterBy = [filter.tenantId];
+        }
+        else if (filter === true) {
+            // Only filter by the configured filter if `filter` is true AND there are tenants in the configured filter
+            const configuredTenantFilter = await this.getTenantFilters();
+            if (configuredTenantFilter.length > 0) {
+                tenantIdsToFilterBy = configuredTenantFilter;
+            }
+        }
+        const allSubscriptions = [];
+        let accountCount; // only used for logging
+        try {
+            this.suppressSignInEvents = true;
+            // Get the list of tenants from each account (filtered or all)
+            const accounts = isGetSubscriptionsAccountFilter(filter) ? [filter.account] : await vscode.authentication.getAccounts(getConfiguredAuthProviderId());
+            accountCount = accounts.length;
+            for (const account of accounts) {
+                const tenantIds = isGetSubscriptionsTenantFilter(filter) ? [filter.tenantId] : (await this.getTenants(account)).map(t => t.tenantId);
+                for (const tenantId of tenantIds) {
+                    if (tenantIdsToFilterBy?.includes(tenantId) === false) {
+                        continue;
+                    }
+                    // For each tenant, get the list of subscriptions
+                    allSubscriptions.push(...await this.getSubscriptionsForTenant(account, tenantId));
+                }
+                // list subscriptions for the home tenant
+                allSubscriptions.push(...await this.getSubscriptionsForTenant(account));
+            }
+        }
+        finally {
+            this.suppressSignInEvents = false;
+        }
+        // It's possible that by listing subscriptions in all tenants and the "home" tenant there could be duplicate subscriptions
+        // Thus, we remove duplicate subscriptions. However, if multiple accounts have the same subscription, we keep them.
+        // There are also cases where the same subscription could appear in different tenants under the same account so we also need to keep those
+        const subscriptionMap = new Map();
+        allSubscriptions.forEach(sub => subscriptionMap.set(`${sub.account.id}/${sub.tenantId}/${sub.subscriptionId}`, sub));
+        const uniqueSubscriptions = Array.from(subscriptionMap.values());
+        const endTime = Date.now();
+        this.logger?.debug(`auth: Got ${uniqueSubscriptions.length} subscriptions from ${accountCount} accounts in ${endTime - startTime}ms`);
+        const sortSubscriptions = (subscriptions) => subscriptions.sort((a, b) => a.name.localeCompare(b.name));
+        const subscriptionIds = await this.getSubscriptionFilters();
+        if (filter === true && !!subscriptionIds.length) { // If the list is empty it is treated as "no filter"
+            return sortSubscriptions(uniqueSubscriptions.filter(sub => subscriptionIds.includes(sub.subscriptionId)));
+        }
+        return sortSubscriptions(uniqueSubscriptions);
+    }
+    /**
+     * Checks to see if a user is signed in.
+     *
+     * @param tenantId (Optional) Provide to check if a user is signed in to a specific tenant.
+     * @param account (Optional) Provide to check if a user is signed in to a specific account.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     *
+     * If no tenant or account is provided, then
+     * checks all accounts for a session.
+     */
+    async isSignedIn(tenantId, account) {
+        async function silentlyCheckForSession(tenantId, account) {
+            return !!await getSessionFromVSCode([], tenantId, { createIfNone: false, silent: true, account });
+        }
+        const innerIsSignedIn = async () => {
+            // If no tenant or account is provided, then check all accounts for a session
+            if (!account && !tenantId) {
+                const accounts = await vscode.authentication.getAccounts(getConfiguredAuthProviderId());
+                if (accounts.length === 0) {
+                    return false;
+                }
+                for (const account of accounts) {
+                    if (await silentlyCheckForSession(tenantId, account)) {
+                        // If any account has a session, then return true because the user is signed in
+                        return true;
+                    }
+                }
+            }
+            return silentlyCheckForSession(tenantId, account);
+        };
+        const result = await innerIsSignedIn();
+        this.logger?.trace(`auth: isSignedIn returned ${result} (account="${account?.label ?? 'none'}") (tenantId="${tenantId ?? 'none'}")`);
+        return result;
+    }
+    /**
+     * Asks the user to sign in or pick an account to use.
+     *
+     * @param tenantId (Optional) Provide to sign in to a specific tenant.
+     * @param account (Optional) Provide to sign in to a specific account.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     */
+    async signIn(tenantId, account) {
+        this.logger?.debug(`auth: Signing in (account="${account?.label ?? 'none'}") (tenantId="${tenantId ?? 'none'}")`);
+        try {
+            this.suppressSignInEvents = true;
+            const session = await getSessionFromVSCode([], tenantId, {
+                createIfNone: true,
+                // If no account is provided, then clear the session preference which tells VS Code to show the account picker
+                clearSessionPreference: !account,
+                account,
+            });
+            return !!session;
+        }
+        finally {
+            this.suppressSignInEvents = false;
+        }
+    }
+    /**
+     * Signs the user out
+     *
+     * @deprecated Not currently supported by VS Code auth providers
+     */
+    signOut() {
+        throw new Error(vscode.l10n.t('Signing out programmatically is not supported. You must sign out by selecting the account in the Accounts menu and choosing Sign Out.'));
+    }
+    /**
+     * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
+     * and/or `getTenantFilters()` overridden.
+     *
+     * If no values are returned by `getTenantFilters()`, then all tenants will be scanned for subscriptions.
+     *
+     * @returns A list of tenant IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    async getTenantFilters() {
+        const config = vscode.workspace.getConfiguration('azureResourceGroups');
+        const fullSubscriptionIds = config.get('selectedSubscriptions', []);
+        return fullSubscriptionIds.map(id => id.split('/')[0]);
+    }
+    /**
+     * Gets the subscription filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
+     * and/or `getTenantFilters()` overridden.
+     *
+     * If no values are returned by `getSubscriptionFilters()`, then all subscriptions will be returned.
+     *
+     * @returns A list of subscription IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    async getSubscriptionFilters() {
+        const config = vscode.workspace.getConfiguration('azureResourceGroups');
+        const fullSubscriptionIds = config.get('selectedSubscriptions', []);
+        return fullSubscriptionIds.map(id => id.split('/')[1]);
+    }
+    /**
+     * Gets the subscriptions for a given tenant.
+     *
+     * @param tenantId The tenant ID to get subscriptions for.
+     * @param account The account to get the subscriptions for.
+     *
+     * @returns The list of subscriptions for the tenant.
+     */
+    async getSubscriptionsForTenant(account, tenantId) {
+        // If the user is not signed in to this tenant or account, then return an empty list
+        // This is to prevent the NotSignedInError from being thrown in getSubscriptionClient
+        if (!await this.isSignedIn(tenantId, account)) {
+            return [];
+        }
+        const { client, credential, authentication } = await this.getSubscriptionClient(account, tenantId, undefined);
+        const environment = getConfiguredAzureEnv();
+        const subscriptions = [];
+        for await (const subscription of client.subscriptions.list()) {
+            subscriptions.push({
+                authentication: authentication,
+                environment: environment,
+                credential: credential,
+                isCustomCloud: environment.isCustomCloud,
+                /* eslint-disable @typescript-eslint/no-non-null-assertion */
+                name: subscription.displayName,
+                subscriptionId: subscription.subscriptionId,
+                tenantId: tenantId ?? subscription.tenantId,
+                /* eslint-enable @typescript-eslint/no-non-null-assertion */
+                account: account
+            });
+        }
+        return subscriptions;
+    }
+    /**
+     * Gets a fully-configured subscription client for a given tenant ID
+     *
+     * @param tenantId (Optional) The tenant ID to get a client for
+     * @param account The account that you would like to get the session for
+     *
+     * @returns A client, the credential used by the client, and the authentication function
+     */
+    async getSubscriptionClient(account, tenantId, scopes) {
+        armSubs ||= await import('@azure/arm-resources-subscriptions');
+        const session = await getSessionFromVSCode(scopes, tenantId, { createIfNone: false, silent: true, account });
+        if (!session) {
+            throw new NotSignedInError();
+        }
+        const credential = {
+            getToken: async () => {
+                return {
+                    token: session.accessToken,
+                    expiresOnTimestamp: 0
+                };
+            }
+        };
+        const configuredAzureEnv = getConfiguredAzureEnv();
+        const endpoint = configuredAzureEnv.resourceManagerEndpointUrl;
+        return {
+            client: new armSubs.SubscriptionClient(credential, { endpoint }),
+            credential: credential,
+            authentication: {
+                getSession: () => session,
+                getSessionWithScopes: (scopeListOrRequest) => {
+                    // in order to handle a challenge, we must enable createIfNone so
+                    // that we can prompt the user to step-up their session with MFA
+                    // otherwise, never prompt the user
+                    return getSessionFromVSCode(scopeListOrRequest, tenantId, { ...(isAuthenticationWwwAuthenticateRequest(scopeListOrRequest) ? { createIfNone: true } : { silent: true }), account });
+                },
+            }
+        };
+    }
+}
+//# sourceMappingURL=VSCodeAzureSubscriptionProvider.js.map

package/{out → dist/esm}/src/getSessionFromVSCode.d.ts RENAMED Viewed

@@ -4,10 +4,10 @@ import * as vscode from "vscode";
  * * Passing the configured auth provider id
  * * Getting the list of scopes, adding the tenant id to the scope list if needed
  *
- * @param scopes - top-level resource scopes (e.g. http://management.azure.com, http://storage.azure.com) or .default scopes. All resources/scopes will be normalized to the `.default` scope for each resource.
- * Use `vscode.AuthenticationWwwAuthenticateRequest` if you need to pass in a challenge (WWW-Authenticate header). Note: Use of `vscode.AuthenticationWwwAuthenticateRequest` requires VS Code 1.104 or newer.
+ * @param scopeOrListOrRequest - top-level resource scopes (e.g. http://management.azure.com, http://storage.azure.com) or .default scopes. All resources/scopes will be normalized to the `.default` scope for each resource.
+ * Use `vscode.AuthenticationWwwAuthenticateRequest` if you need to pass in a challenge (WWW-Authenticate header). Note: Use of `vscode.AuthenticationWwwAuthenticateRequest` requires VS Code 1.105.0 or newer.
  * @param tenantId - (Optional) The tenant ID, will be added to the scopes
  * @param options - see {@link vscode.AuthenticationGetSessionOptions}
  * @returns An authentication session if available, or undefined if there are no sessions
  */
-export declare function getSessionFromVSCode(scopes?: string | string[] | vscode.AuthenticationWwwAuthenticateRequest, tenantId?: string, options?: vscode.AuthenticationGetSessionOptions): Promise<vscode.AuthenticationSession | undefined>;
+export declare function getSessionFromVSCode(scopeOrListOrRequest?: string | string[] | vscode.AuthenticationWwwAuthenticateRequest, tenantId?: string, options?: vscode.AuthenticationGetSessionOptions): Promise<vscode.AuthenticationSession | undefined>;

package/dist/esm/src/getSessionFromVSCode.js ADDED Viewed

@@ -0,0 +1,72 @@
+/*---------------------------------------------------------------------------------------------
+*  Copyright (c) Microsoft Corporation. All rights reserved.
+*  Licensed under the MIT License. See License.txt in the project root for license information.
+*--------------------------------------------------------------------------------------------*/
+import * as vscode from "vscode";
+import { getConfiguredAuthProviderId, getConfiguredAzureEnv } from "./utils/configuredAzureEnv";
+import { isAuthenticationWwwAuthenticateRequest } from "./utils/isAuthenticationWwwAuthenticateRequest";
+function ensureEndingSlash(value) {
+    return value.endsWith('/') ? value : `${value}/`;
+}
+function getResourceScopes(scopes) {
+    if (scopes === undefined || scopes === "" || scopes.length === 0) {
+        scopes = ensureEndingSlash(getConfiguredAzureEnv().managementEndpointUrl);
+    }
+    const arrScopes = (Array.isArray(scopes) ? scopes : [scopes])
+        .map((scope) => {
+        if (scope.endsWith('.default')) {
+            return scope;
+        }
+        else {
+            return `${scope}.default`;
+        }
+    });
+    return Array.from(new Set(arrScopes));
+}
+function addTenantIdScope(scopes, tenantId) {
+    const scopeSet = new Set(scopes);
+    scopeSet.add(`VSCODE_TENANT:${tenantId}`);
+    return Array.from(scopeSet);
+}
+function getModifiedScopes(scopes, tenantId) {
+    let scopeArr = getResourceScopes(scopes);
+    if (tenantId) {
+        scopeArr = addTenantIdScope(scopeArr, tenantId);
+    }
+    return scopeArr;
+}
+/**
+ * Deconstructs and rebuilds the scopes arg in order to use the above utils to modify the scopes array.
+ * And then returns the proper type to pass directly to vscode.authentication.getSession
+ */
+function formScopesArg(scopeOrListOrRequest, tenantId) {
+    const isChallenge = isAuthenticationWwwAuthenticateRequest(scopeOrListOrRequest);
+    let initialScopeList = undefined;
+    if (typeof scopeOrListOrRequest === 'string' && !!scopeOrListOrRequest) {
+        initialScopeList = [scopeOrListOrRequest];
+    }
+    else if (Array.isArray(scopeOrListOrRequest)) {
+        initialScopeList = scopeOrListOrRequest;
+    }
+    else if (isChallenge) {
+        // `scopeOrListOrRequest.fallbackScopes` being readonly forces us to rebuild the array
+        initialScopeList = scopeOrListOrRequest.fallbackScopes ? Array.from(scopeOrListOrRequest.fallbackScopes) : undefined;
+    }
+    const modifiedScopeList = getModifiedScopes(initialScopeList, tenantId);
+    return isChallenge ? { fallbackScopes: modifiedScopeList, wwwAuthenticate: scopeOrListOrRequest.wwwAuthenticate } : modifiedScopeList;
+}
+/**
+ * Wraps {@link vscode.authentication.getSession} and handles:
+ * * Passing the configured auth provider id
+ * * Getting the list of scopes, adding the tenant id to the scope list if needed
+ *
+ * @param scopeOrListOrRequest - top-level resource scopes (e.g. http://management.azure.com, http://storage.azure.com) or .default scopes. All resources/scopes will be normalized to the `.default` scope for each resource.
+ * Use `vscode.AuthenticationWwwAuthenticateRequest` if you need to pass in a challenge (WWW-Authenticate header). Note: Use of `vscode.AuthenticationWwwAuthenticateRequest` requires VS Code 1.105.0 or newer.
+ * @param tenantId - (Optional) The tenant ID, will be added to the scopes
+ * @param options - see {@link vscode.AuthenticationGetSessionOptions}
+ * @returns An authentication session if available, or undefined if there are no sessions
+ */
+export async function getSessionFromVSCode(scopeOrListOrRequest, tenantId, options) {
+    return await vscode.authentication.getSession(getConfiguredAuthProviderId(), formScopesArg(scopeOrListOrRequest, tenantId), options);
+}
+//# sourceMappingURL=getSessionFromVSCode.js.map

package/{out → dist/esm}/src/index.d.ts RENAMED Viewed

@@ -1,8 +1,9 @@
 export * from './AzureAuthentication';
 export * from './AzureDevOpsSubscriptionProvider';
-export * from './AzureTenant';
 export * from './AzureSubscription';
 export * from './AzureSubscriptionProvider';
+export * from './AzureTenant';
+export * from './getSessionFromVSCode';
 export * from './NotSignedInError';
 export * from './signInToTenant';
 export * from './utils/configuredAzureEnv';

package/dist/esm/src/index.js ADDED Viewed

@@ -0,0 +1,16 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+export * from './AzureAuthentication';
+export * from './AzureDevOpsSubscriptionProvider';
+export * from './AzureSubscription';
+export * from './AzureSubscriptionProvider';
+export * from './AzureTenant';
+export * from './getSessionFromVSCode';
+export * from './NotSignedInError';
+export * from './signInToTenant';
+export * from './utils/configuredAzureEnv';
+export * from './utils/getUnauthenticatedTenants';
+export * from './VSCodeAzureSubscriptionProvider';
+//# sourceMappingURL=index.js.map

package/dist/esm/src/signInToTenant.js ADDED Viewed

@@ -0,0 +1,43 @@
+/*---------------------------------------------------------------------------------------------
+*  Copyright (c) Microsoft Corporation. All rights reserved.
+*  Licensed under the MIT License. See License.txt in the project root for license information.
+*--------------------------------------------------------------------------------------------*/
+import * as vscode from "vscode";
+import { getUnauthenticatedTenants } from "./utils/getUnauthenticatedTenants";
+/**
+ * Prompts user to select from a list of unauthenticated tenants.
+ * Once selected, requests a new session from VS Code specifially for this tenant.
+ */
+export async function signInToTenant(subscriptionProvider) {
+    const tenantId = await pickTenant(subscriptionProvider);
+    if (tenantId) {
+        await subscriptionProvider.signIn(tenantId);
+    }
+}
+async function pickTenant(subscriptionProvider) {
+    const pick = await vscode.window.showQuickPick(getPicks(subscriptionProvider), {
+        placeHolder: 'Select a Tenant (Directory) to Sign In To', // TODO: localize
+        matchOnDescription: true, // allow searching by tenantId
+        ignoreFocusOut: true,
+    });
+    return pick?.tenant.tenantId;
+}
+async function getPicks(subscriptionProvider) {
+    const unauthenticatedTenants = await getUnauthenticatedTenants(subscriptionProvider);
+    const duplicateTenants = new Set(unauthenticatedTenants
+        .filter((tenant, index, self) => index !== self.findIndex(t => t.tenantId === tenant.tenantId))
+        .map(tenant => tenant.tenantId));
+    const isDuplicate = (tenantId) => duplicateTenants.has(tenantId);
+    const picks = unauthenticatedTenants
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        .sort((a, b) => (a.displayName).localeCompare(b.displayName))
+        .map(tenant => ({
+        label: tenant.displayName ?? '',
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        description: `${tenant.tenantId}${isDuplicate(tenant.tenantId) ? ` (${tenant.account.label})` : ''}`,
+        detail: tenant.defaultDomain ?? '',
+        tenant,
+    }));
+    return picks;
+}
+//# sourceMappingURL=signInToTenant.js.map