@microsoft/vscode-azext-azureauth 5.0.0 → 5.1.0

package/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Change Log
 
+## 5.1.0 - 2025-10-27
+
+* [#2102](https://github.com/microsoft/vscode-azuretools/pull/2102) Fixes an issue causing infinite event loops especially in https://vscode.dev/azure
+* [#2110](https://github.com/microsoft/vscode-azuretools/pull/2110) `vscode.authentication.onDidChangeSessions()` is no longer subscribed to unless the caller calls `AzureSubscriptionProvider.onDidSignIn()` or `AzureSubscriptionProvider.onDidSignOut()`.
+
+## 5.0.0 - 2025-10-07
+
+* [#2092](https://github.com/microsoft/vscode-azuretools/pull/2092) Converts from CJS only to CJS+ESM
+* Adopts finalized auth challenges API
+
 ## 4.2.2 - 2025-09-10
 
 * [#2073](https://github.com/microsoft/vscode-azuretools/pull/2073) Changes to adjust to proposed API changes

package/dist/cjs/src/AzureDevOpsSubscriptionProvider.js

@@ -6,7 +6,6 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AzureDevOpsSubscriptionProvider = void 0;
 exports.createAzureDevOpsSubscriptionProviderFactory = createAzureDevOpsSubscriptionProviderFactory;
-const vscode_1 = require("vscode");
 const configuredAzureEnv_1 = require("./utils/configuredAzureEnv");
 let azureDevOpsSubscriptionProvider;
 function createAzureDevOpsSubscriptionProviderFactory(initializer) {
@@ -144,8 +143,8 @@ class AzureDevOpsSubscriptionProvider {
             }
         };
     }
-    onDidSignIn = () => { return new vscode_1.Disposable(() => { }); };
-    onDidSignOut = () => { return new vscode_1.Disposable(() => { }); };
+    onDidSignIn = () => { return { dispose() { } }; };
+    onDidSignOut = () => { return { dispose() { } }; };
 }
 exports.AzureDevOpsSubscriptionProvider = AzureDevOpsSubscriptionProvider;
 /*

package/dist/cjs/src/VSCodeAzureSubscriptionProvider.js

@@ -43,42 +43,82 @@ const getSessionFromVSCode_1 = require("./getSessionFromVSCode");
 const NotSignedInError_1 = require("./NotSignedInError");
 const configuredAzureEnv_1 = require("./utils/configuredAzureEnv");
 const isAuthenticationWwwAuthenticateRequest_1 = require("./utils/isAuthenticationWwwAuthenticateRequest");
+const isGetSubscriptionsFilter_1 = require("./utils/isGetSubscriptionsFilter");
 const EventDebounce = 5 * 1000; // 5 seconds
+let armSubs;
 /**
  * A class for obtaining Azure subscription information using VSCode's built-in authentication
  * provider.
  */
-class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
+class VSCodeAzureSubscriptionProvider {
     logger;
-    onDidSignInEmitter = new vscode.EventEmitter();
     lastSignInEventFired = 0;
     suppressSignInEvents = false;
-    onDidSignOutEmitter = new vscode.EventEmitter();
     lastSignOutEventFired = 0;
+    priorAccounts;
     // So that customers can easily share logs, try to only log PII using trace level
     constructor(logger) {
+        this.logger = logger;
+        // Load accounts initially, then onDidChangeSessions can compare against them
+        void vscode.authentication.getAccounts((0, configuredAzureEnv_1.getConfiguredAuthProviderId)()).then(accounts => {
+            this.priorAccounts = Array.from(accounts); // The Array.from is to get rid of the readonly marker on the array returned by the API
+        });
+    }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    onDidSignIn(callback, thisArg, disposables) {
+        return this.onDidChangeSessions(true, callback, thisArg, disposables);
+    }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    onDidSignOut(callback, thisArg, disposables) {
+        return this.onDidChangeSessions(false, callback, thisArg, disposables);
+    }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    onDidChangeSessions(signIn, callback, thisArg, disposables) {
+        const isASignInEvent = async () => {
+            const currentAccounts = Array.from(await vscode.authentication.getAccounts((0, configuredAzureEnv_1.getConfiguredAuthProviderId)())); // The Array.from is to get rid of the readonly marker on the array returned by the API
+            const priorAccountCount = this.priorAccounts?.length ?? 0;
+            this.priorAccounts = currentAccounts;
+            // The only way a sign out happens is if an account is removed entirely from the list of accounts
+            if (currentAccounts.length === 0 || currentAccounts.length < priorAccountCount) {
+                return false;
+            }
+            return true;
+        };
+        const wrappedCallback = () => {
+            const immediate = setImmediate(() => {
+                clearImmediate(immediate);
+                void callback.call(thisArg);
+            });
+        };
         const disposable = vscode.authentication.onDidChangeSessions(async (e) => {
             // Ignore any sign in that isn't for the configured auth provider
             if (e.provider.id !== (0, configuredAzureEnv_1.getConfiguredAuthProviderId)()) {
                 return;
             }
-            if (await this.isSignedIn()) {
-                if (!this.suppressSignInEvents && Date.now() > this.lastSignInEventFired + EventDebounce) {
+            if (signIn) {
+                if (this.suppressSignInEvents || Date.now() < this.lastSignInEventFired + EventDebounce) {
+                    return;
+                }
+                else if (await isASignInEvent()) {
                     this.lastSignInEventFired = Date.now();
-                    this.onDidSignInEmitter.fire();
+                    wrappedCallback();
                 }
             }
-            else if (Date.now() > this.lastSignOutEventFired + EventDebounce) {
-                this.lastSignOutEventFired = Date.now();
-                this.onDidSignOutEmitter.fire();
+            else {
+                if (Date.now() < this.lastSignOutEventFired + EventDebounce) {
+                    return;
+                }
+                else if (!await isASignInEvent()) {
+                    this.lastSignOutEventFired = Date.now();
+                    wrappedCallback();
+                }
             }
         });
-        super(() => {
-            this.onDidSignInEmitter.dispose();
-            this.onDidSignOutEmitter.dispose();
-            disposable.dispose();
-        });
-        this.logger = logger;
+        disposables?.push(disposable);
+        return disposable;
+    }
+    dispose() {
+        // No-op, this class no longer has disposables
     }
     /**
      * Gets a list of tenants available to the user.
@@ -124,24 +164,28 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
     async getSubscriptions(filter = true) {
         this.logger?.debug('auth: Loading subscriptions...');
         const startTime = Date.now();
-        const configuredTenantFilter = await this.getTenantFilters();
-        const tenantIdsToFilterBy = 
-        // Only filter by the tenant ID option if it is provided
-        (typeof filter === 'object' && filter.tenantId ? [filter.tenantId] :
+        let tenantIdsToFilterBy;
+        if ((0, isGetSubscriptionsFilter_1.isGetSubscriptionsTenantFilter)(filter)) {
+            // Only filter by the tenant ID option if it is provided
+            tenantIdsToFilterBy = [filter.tenantId];
+        }
+        else if (filter === true) {
             // Only filter by the configured filter if `filter` is true AND there are tenants in the configured filter
-            filter === true && configuredTenantFilter.length > 0 ? configuredTenantFilter :
-                undefined);
+            const configuredTenantFilter = await this.getTenantFilters();
+            if (configuredTenantFilter.length > 0) {
+                tenantIdsToFilterBy = configuredTenantFilter;
+            }
+        }
         const allSubscriptions = [];
         let accountCount; // only used for logging
         try {
             this.suppressSignInEvents = true;
             // Get the list of tenants from each account (filtered or all)
-            const accounts = typeof filter === 'object' && filter.account ? [filter.account] : await vscode.authentication.getAccounts((0, configuredAzureEnv_1.getConfiguredAuthProviderId)());
+            const accounts = (0, isGetSubscriptionsFilter_1.isGetSubscriptionsAccountFilter)(filter) ? [filter.account] : await vscode.authentication.getAccounts((0, configuredAzureEnv_1.getConfiguredAuthProviderId)());
             accountCount = accounts.length;
             for (const account of accounts) {
-                for (const tenant of await this.getTenants(account)) {
-                    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-                    const tenantId = tenant.tenantId;
+                const tenantIds = (0, isGetSubscriptionsFilter_1.isGetSubscriptionsTenantFilter)(filter) ? [filter.tenantId] : (await this.getTenants(account)).map(t => t.tenantId);
+                for (const tenantId of tenantIds) {
                     if (tenantIdsToFilterBy?.includes(tenantId) === false) {
                         continue;
                     }
@@ -157,8 +201,9 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
         }
         // It's possible that by listing subscriptions in all tenants and the "home" tenant there could be duplicate subscriptions
         // Thus, we remove duplicate subscriptions. However, if multiple accounts have the same subscription, we keep them.
+        // There are also cases where the same subscription could appear in different tenants under the same account so we also need to keep those
         const subscriptionMap = new Map();
-        allSubscriptions.forEach(sub => subscriptionMap.set(`${sub.account.id}/${sub.subscriptionId}`, sub));
+        allSubscriptions.forEach(sub => subscriptionMap.set(`${sub.account.id}/${sub.tenantId}/${sub.subscriptionId}`, sub));
         const uniqueSubscriptions = Array.from(subscriptionMap.values());
         const endTime = Date.now();
         this.logger?.debug(`auth: Got ${uniqueSubscriptions.length} subscriptions from ${accountCount} accounts in ${endTime - startTime}ms`);
@@ -214,18 +259,20 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
      */
     async signIn(tenantId, account) {
         this.logger?.debug(`auth: Signing in (account="${account?.label ?? 'none'}") (tenantId="${tenantId ?? 'none'}")`);
-        const session = await (0, getSessionFromVSCode_1.getSessionFromVSCode)([], tenantId, {
-            createIfNone: true,
-            // If no account is provided, then clear the session preference which tells VS Code to show the account picker
-            clearSessionPreference: !account,
-            account,
-        });
-        return !!session;
+        try {
+            this.suppressSignInEvents = true;
+            const session = await (0, getSessionFromVSCode_1.getSessionFromVSCode)([], tenantId, {
+                createIfNone: true,
+                // If no account is provided, then clear the session preference which tells VS Code to show the account picker
+                clearSessionPreference: !account,
+                account,
+            });
+            return !!session;
+        }
+        finally {
+            this.suppressSignInEvents = false;
+        }
     }
-    /**
-     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
-     */
-    onDidSignIn = this.onDidSignInEmitter.event;
     /**
      * Signs the user out
      *
@@ -234,10 +281,6 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
     signOut() {
         throw new Error(vscode.l10n.t('Signing out programmatically is not supported. You must sign out by selecting the account in the Accounts menu and choosing Sign Out.'));
     }
-    /**
-     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
-     */
-    onDidSignOut = this.onDidSignOutEmitter.event;
     /**
      * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
      * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
@@ -308,7 +351,7 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
      * @returns A client, the credential used by the client, and the authentication function
      */
     async getSubscriptionClient(account, tenantId, scopes) {
-        const armSubs = await import('@azure/arm-resources-subscriptions');
+        armSubs ||= await import('@azure/arm-resources-subscriptions');
         const session = await (0, getSessionFromVSCode_1.getSessionFromVSCode)(scopes, tenantId, { createIfNone: false, silent: true, account });
         if (!session) {
             throw new NotSignedInError_1.NotSignedInError();

package/dist/cjs/src/index.js

@@ -23,6 +23,7 @@ __exportStar(require("./AzureDevOpsSubscriptionProvider"), exports);
 __exportStar(require("./AzureSubscription"), exports);
 __exportStar(require("./AzureSubscriptionProvider"), exports);
 __exportStar(require("./AzureTenant"), exports);
+__exportStar(require("./getSessionFromVSCode"), exports);
 __exportStar(require("./NotSignedInError"), exports);
 __exportStar(require("./signInToTenant"), exports);
 __exportStar(require("./utils/configuredAzureEnv"), exports);

package/dist/cjs/src/utils/getUnauthenticatedTenants.js

@@ -6,10 +6,12 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getUnauthenticatedTenants = getUnauthenticatedTenants;
 /**
+ * @param subscriptionProvider The {@link AzureSubscriptionProvider} to use
+ * @param account (Optional) The account to get unauthenticated tenants for
  * @returns list of tenants that VS Code doesn't have sessions for
  */
-async function getUnauthenticatedTenants(subscriptionProvider) {
-    const tenants = await subscriptionProvider.getTenants();
+async function getUnauthenticatedTenants(subscriptionProvider, account) {
+    const tenants = await subscriptionProvider.getTenants(account);
     const unauthenticatedTenants = [];
     for await (const tenant of tenants) {
         if (!await subscriptionProvider.isSignedIn(tenant.tenantId, tenant.account)) {

package/dist/cjs/src/utils/isGetSubscriptionsFilter.js

@@ -0,0 +1,27 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.md in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isGetSubscriptionsTenantFilter = isGetSubscriptionsTenantFilter;
+exports.isGetSubscriptionsAccountFilter = isGetSubscriptionsAccountFilter;
+/**
+ * Check if an object is a {@link GetSubscriptionsFilter} with a tenantId.
+ */
+function isGetSubscriptionsTenantFilter(obj) {
+    if (typeof obj === 'object' && !!obj && 'tenantId' in obj && typeof obj.tenantId === 'string' && !!obj.tenantId) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Check if an object is a {@link GetSubscriptionsFilter} with an account.
+ */
+function isGetSubscriptionsAccountFilter(obj) {
+    if (typeof obj === 'object' && !!obj && 'account' in obj && typeof obj.account === 'object' && !!obj.account) {
+        return true;
+    }
+    return false;
+}
+//# sourceMappingURL=isGetSubscriptionsFilter.js.map

package/dist/esm/src/AzureDevOpsSubscriptionProvider.d.ts

@@ -1,7 +1,7 @@
-import { Event } from 'vscode';
-import { AzureSubscription } from './AzureSubscription';
-import { AzureSubscriptionProvider, GetSubscriptionsFilter } from './AzureSubscriptionProvider';
-import { AzureTenant } from './AzureTenant';
+import type * as vscode from 'vscode';
+import type { AzureSubscription } from './AzureSubscription';
+import type { AzureSubscriptionProvider, GetSubscriptionsFilter } from './AzureSubscriptionProvider';
+import type { AzureTenant } from './AzureTenant';
 export interface AzureDevOpsSubscriptionProviderInitializer {
     /**
     * The resource ID of the Azure DevOps federated service connection,
@@ -63,6 +63,6 @@ export declare class AzureDevOpsSubscriptionProvider implements AzureSubscriptio
      * @returns A client, the credential used by the client, and the authentication function
      */
     private getSubscriptionClient;
-    onDidSignIn: Event<void>;
-    onDidSignOut: Event<void>;
+    onDidSignIn: vscode.Event<void>;
+    onDidSignOut: vscode.Event<void>;
 }

package/dist/esm/src/AzureDevOpsSubscriptionProvider.js

@@ -2,7 +2,6 @@
  *  Copyright (c) Microsoft Corporation. All rights reserved.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
-import { Disposable } from 'vscode';
 import { getConfiguredAzureEnv } from './utils/configuredAzureEnv';
 let azureDevOpsSubscriptionProvider;
 export function createAzureDevOpsSubscriptionProviderFactory(initializer) {
@@ -140,8 +139,8 @@ export class AzureDevOpsSubscriptionProvider {
             }
         };
     }
-    onDidSignIn = () => { return new Disposable(() => { }); };
-    onDidSignOut = () => { return new Disposable(() => { }); };
+    onDidSignIn = () => { return { dispose() { } }; };
+    onDidSignOut = () => { return { dispose() { } }; };
 }
 /*
 * @param serviceConnectionId The resource ID of the Azure DevOps federated service connection,

package/dist/esm/src/AzureSubscription.d.ts

@@ -1,7 +1,7 @@
 import type { TokenCredential } from '@azure/core-auth';
 import type { Environment } from '@azure/ms-rest-azure-env';
-import * as vscode from "vscode";
-import { AzureAuthentication } from './AzureAuthentication';
+import type * as vscode from "vscode";
+import type { AzureAuthentication } from './AzureAuthentication';
 /**
  * A type representing an Azure subscription ID, not including the tenant ID.
  */

package/dist/esm/src/AzureTenant.d.ts

@@ -1,5 +1,5 @@
-import { TenantIdDescription } from "@azure/arm-resources-subscriptions";
-import * as vscode from 'vscode';
+import type { TenantIdDescription } from "@azure/arm-resources-subscriptions";
+import type * as vscode from 'vscode';
 export interface AzureTenant extends TenantIdDescription {
     account: vscode.AuthenticationSessionAccountInformation;
 }

package/dist/esm/src/VSCodeAzureSubscriptionProvider.d.ts

@@ -1,19 +1,22 @@
 import * as vscode from 'vscode';
 import { AzureSubscription, SubscriptionId, TenantId } from './AzureSubscription';
-import { AzureSubscriptionProvider, GetSubscriptionsFilter } from './AzureSubscriptionProvider';
-import { AzureTenant } from './AzureTenant';
+import type { AzureSubscriptionProvider, GetSubscriptionsFilter } from './AzureSubscriptionProvider';
+import type { AzureTenant } from './AzureTenant';
 /**
  * A class for obtaining Azure subscription information using VSCode's built-in authentication
  * provider.
  */
-export declare class VSCodeAzureSubscriptionProvider extends vscode.Disposable implements AzureSubscriptionProvider {
+export declare class VSCodeAzureSubscriptionProvider implements AzureSubscriptionProvider, vscode.Disposable {
     private readonly logger?;
-    private readonly onDidSignInEmitter;
     private lastSignInEventFired;
     private suppressSignInEvents;
-    private readonly onDidSignOutEmitter;
     private lastSignOutEventFired;
+    private priorAccounts;
     constructor(logger?: vscode.LogOutputChannel | undefined);
+    onDidSignIn(callback: () => any, thisArg?: any, disposables?: vscode.Disposable[]): vscode.Disposable;
+    onDidSignOut(callback: () => any, thisArg?: any, disposables?: vscode.Disposable[]): vscode.Disposable;
+    private onDidChangeSessions;
+    dispose(): void;
     /**
      * Gets a list of tenants available to the user.
      * Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
@@ -62,20 +65,12 @@ export declare class VSCodeAzureSubscriptionProvider extends vscode.Disposable i
      * @returns True if the user is signed in, false otherwise.
      */
     signIn(tenantId?: string, account?: vscode.AuthenticationSessionAccountInformation): Promise<boolean>;
-    /**
-     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
-     */
-    readonly onDidSignIn: vscode.Event<void>;
     /**
      * Signs the user out
      *
      * @deprecated Not currently supported by VS Code auth providers
      */
     signOut(): Promise<void>;
-    /**
-     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
-     */
-    readonly onDidSignOut: vscode.Event<void>;
     /**
      * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
      * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`

package/dist/esm/src/VSCodeAzureSubscriptionProvider.js

@@ -7,42 +7,82 @@ import { getSessionFromVSCode } from './getSessionFromVSCode';
 import { NotSignedInError } from './NotSignedInError';
 import { getConfiguredAuthProviderId, getConfiguredAzureEnv } from './utils/configuredAzureEnv';
 import { isAuthenticationWwwAuthenticateRequest } from './utils/isAuthenticationWwwAuthenticateRequest';
+import { isGetSubscriptionsAccountFilter, isGetSubscriptionsTenantFilter } from './utils/isGetSubscriptionsFilter';
 const EventDebounce = 5 * 1000; // 5 seconds
+let armSubs;
 /**
  * A class for obtaining Azure subscription information using VSCode's built-in authentication
  * provider.
  */
-export class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
+export class VSCodeAzureSubscriptionProvider {
     logger;
-    onDidSignInEmitter = new vscode.EventEmitter();
     lastSignInEventFired = 0;
     suppressSignInEvents = false;
-    onDidSignOutEmitter = new vscode.EventEmitter();
     lastSignOutEventFired = 0;
+    priorAccounts;
     // So that customers can easily share logs, try to only log PII using trace level
     constructor(logger) {
+        this.logger = logger;
+        // Load accounts initially, then onDidChangeSessions can compare against them
+        void vscode.authentication.getAccounts(getConfiguredAuthProviderId()).then(accounts => {
+            this.priorAccounts = Array.from(accounts); // The Array.from is to get rid of the readonly marker on the array returned by the API
+        });
+    }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    onDidSignIn(callback, thisArg, disposables) {
+        return this.onDidChangeSessions(true, callback, thisArg, disposables);
+    }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    onDidSignOut(callback, thisArg, disposables) {
+        return this.onDidChangeSessions(false, callback, thisArg, disposables);
+    }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    onDidChangeSessions(signIn, callback, thisArg, disposables) {
+        const isASignInEvent = async () => {
+            const currentAccounts = Array.from(await vscode.authentication.getAccounts(getConfiguredAuthProviderId())); // The Array.from is to get rid of the readonly marker on the array returned by the API
+            const priorAccountCount = this.priorAccounts?.length ?? 0;
+            this.priorAccounts = currentAccounts;
+            // The only way a sign out happens is if an account is removed entirely from the list of accounts
+            if (currentAccounts.length === 0 || currentAccounts.length < priorAccountCount) {
+                return false;
+            }
+            return true;
+        };
+        const wrappedCallback = () => {
+            const immediate = setImmediate(() => {
+                clearImmediate(immediate);
+                void callback.call(thisArg);
+            });
+        };
         const disposable = vscode.authentication.onDidChangeSessions(async (e) => {
             // Ignore any sign in that isn't for the configured auth provider
             if (e.provider.id !== getConfiguredAuthProviderId()) {
                 return;
             }
-            if (await this.isSignedIn()) {
-                if (!this.suppressSignInEvents && Date.now() > this.lastSignInEventFired + EventDebounce) {
+            if (signIn) {
+                if (this.suppressSignInEvents || Date.now() < this.lastSignInEventFired + EventDebounce) {
+                    return;
+                }
+                else if (await isASignInEvent()) {
                     this.lastSignInEventFired = Date.now();
-                    this.onDidSignInEmitter.fire();
+                    wrappedCallback();
                 }
             }
-            else if (Date.now() > this.lastSignOutEventFired + EventDebounce) {
-                this.lastSignOutEventFired = Date.now();
-                this.onDidSignOutEmitter.fire();
+            else {
+                if (Date.now() < this.lastSignOutEventFired + EventDebounce) {
+                    return;
+                }
+                else if (!await isASignInEvent()) {
+                    this.lastSignOutEventFired = Date.now();
+                    wrappedCallback();
+                }
             }
         });
-        super(() => {
-            this.onDidSignInEmitter.dispose();
-            this.onDidSignOutEmitter.dispose();
-            disposable.dispose();
-        });
-        this.logger = logger;
+        disposables?.push(disposable);
+        return disposable;
+    }
+    dispose() {
+        // No-op, this class no longer has disposables
     }
     /**
      * Gets a list of tenants available to the user.
@@ -88,24 +128,28 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
     async getSubscriptions(filter = true) {
         this.logger?.debug('auth: Loading subscriptions...');
         const startTime = Date.now();
-        const configuredTenantFilter = await this.getTenantFilters();
-        const tenantIdsToFilterBy = 
-        // Only filter by the tenant ID option if it is provided
-        (typeof filter === 'object' && filter.tenantId ? [filter.tenantId] :
+        let tenantIdsToFilterBy;
+        if (isGetSubscriptionsTenantFilter(filter)) {
+            // Only filter by the tenant ID option if it is provided
+            tenantIdsToFilterBy = [filter.tenantId];
+        }
+        else if (filter === true) {
             // Only filter by the configured filter if `filter` is true AND there are tenants in the configured filter
-            filter === true && configuredTenantFilter.length > 0 ? configuredTenantFilter :
-                undefined);
+            const configuredTenantFilter = await this.getTenantFilters();
+            if (configuredTenantFilter.length > 0) {
+                tenantIdsToFilterBy = configuredTenantFilter;
+            }
+        }
         const allSubscriptions = [];
         let accountCount; // only used for logging
         try {
             this.suppressSignInEvents = true;
             // Get the list of tenants from each account (filtered or all)
-            const accounts = typeof filter === 'object' && filter.account ? [filter.account] : await vscode.authentication.getAccounts(getConfiguredAuthProviderId());
+            const accounts = isGetSubscriptionsAccountFilter(filter) ? [filter.account] : await vscode.authentication.getAccounts(getConfiguredAuthProviderId());
             accountCount = accounts.length;
             for (const account of accounts) {
-                for (const tenant of await this.getTenants(account)) {
-                    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-                    const tenantId = tenant.tenantId;
+                const tenantIds = isGetSubscriptionsTenantFilter(filter) ? [filter.tenantId] : (await this.getTenants(account)).map(t => t.tenantId);
+                for (const tenantId of tenantIds) {
                     if (tenantIdsToFilterBy?.includes(tenantId) === false) {
                         continue;
                     }
@@ -121,8 +165,9 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
         }
         // It's possible that by listing subscriptions in all tenants and the "home" tenant there could be duplicate subscriptions
         // Thus, we remove duplicate subscriptions. However, if multiple accounts have the same subscription, we keep them.
+        // There are also cases where the same subscription could appear in different tenants under the same account so we also need to keep those
         const subscriptionMap = new Map();
-        allSubscriptions.forEach(sub => subscriptionMap.set(`${sub.account.id}/${sub.subscriptionId}`, sub));
+        allSubscriptions.forEach(sub => subscriptionMap.set(`${sub.account.id}/${sub.tenantId}/${sub.subscriptionId}`, sub));
         const uniqueSubscriptions = Array.from(subscriptionMap.values());
         const endTime = Date.now();
         this.logger?.debug(`auth: Got ${uniqueSubscriptions.length} subscriptions from ${accountCount} accounts in ${endTime - startTime}ms`);
@@ -178,18 +223,20 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
      */
     async signIn(tenantId, account) {
         this.logger?.debug(`auth: Signing in (account="${account?.label ?? 'none'}") (tenantId="${tenantId ?? 'none'}")`);
-        const session = await getSessionFromVSCode([], tenantId, {
-            createIfNone: true,
-            // If no account is provided, then clear the session preference which tells VS Code to show the account picker
-            clearSessionPreference: !account,
-            account,
-        });
-        return !!session;
+        try {
+            this.suppressSignInEvents = true;
+            const session = await getSessionFromVSCode([], tenantId, {
+                createIfNone: true,
+                // If no account is provided, then clear the session preference which tells VS Code to show the account picker
+                clearSessionPreference: !account,
+                account,
+            });
+            return !!session;
+        }
+        finally {
+            this.suppressSignInEvents = false;
+        }
     }
-    /**
-     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
-     */
-    onDidSignIn = this.onDidSignInEmitter.event;
     /**
      * Signs the user out
      *
@@ -198,10 +245,6 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
     signOut() {
         throw new Error(vscode.l10n.t('Signing out programmatically is not supported. You must sign out by selecting the account in the Accounts menu and choosing Sign Out.'));
     }
-    /**
-     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
-     */
-    onDidSignOut = this.onDidSignOutEmitter.event;
     /**
      * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
      * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
@@ -272,7 +315,7 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
      * @returns A client, the credential used by the client, and the authentication function
      */
     async getSubscriptionClient(account, tenantId, scopes) {
-        const armSubs = await import('@azure/arm-resources-subscriptions');
+        armSubs ||= await import('@azure/arm-resources-subscriptions');
         const session = await getSessionFromVSCode(scopes, tenantId, { createIfNone: false, silent: true, account });
         if (!session) {
             throw new NotSignedInError();

package/dist/esm/src/index.d.ts

@@ -3,54 +3,9 @@ export * from './AzureDevOpsSubscriptionProvider';
 export * from './AzureSubscription';
 export * from './AzureSubscriptionProvider';
 export * from './AzureTenant';
+export * from './getSessionFromVSCode';
 export * from './NotSignedInError';
 export * from './signInToTenant';
 export * from './utils/configuredAzureEnv';
 export * from './utils/getUnauthenticatedTenants';
 export * from './VSCodeAzureSubscriptionProvider';
-declare module 'vscode' {
-    /**
-     * Represents parameters for creating a session based on a WWW-Authenticate header value.
-     * This is used when an API returns a 401 with a WWW-Authenticate header indicating
-     * that additional authentication is required. The details of which will be passed down
-     * to the authentication provider to create a session.
-     *
-     * @note The authorization provider must support handling challenges and specifically
-     * the challenges in this WWW-Authenticate value.
-     * @note For more information on WWW-Authenticate please see https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/WWW-Authenticate
-     */
-    interface AuthenticationWwwAuthenticateRequest {
-        /**
-         * The raw WWW-Authenticate header value that triggered this challenge.
-         * This will be parsed by the authentication provider to extract the necessary
-         * challenge information.
-         */
-        readonly wwwAuthenticate: string;
-        /**
-         * The fallback scopes to use if no scopes are found in the WWW-Authenticate header.
-         */
-        readonly fallbackScopes?: readonly string[];
-    }
-    /**
-     * Namespace for authentication.
-     */
-    namespace authentication {
-        /**
-         * Get an authentication session matching the desired scopes or request. Rejects if a provider with providerId is not
-         * registered, or if the user does not consent to sharing authentication information with the extension. If there
-         * are multiple sessions with the same scopes, the user will be shown a quickpick to select which account they would like to use.
-         *
-         * Built-in auth providers include:
-         * * 'github' - For GitHub.com
-         * * 'microsoft' For both personal & organizational Microsoft accounts
-         * * (less common) 'github-enterprise' - for alternative GitHub hostings, GHE.com, GitHub Enterprise Server
-         * * (less common) 'microsoft-sovereign-cloud' - for alternative Microsoft clouds
-         *
-         * @param providerId The id of the provider to use
-         * @param scopeListOrRequest A scope list of permissions requested or a WWW-Authenticate request. These are dependent on the authentication provider.
-         * @param options The {@link AuthenticationGetSessionOptions} to use
-         * @returns A thenable that resolves to an authentication session or undefined if a silent flow was used and no session was found
-         */
-        function getSession(providerId: string, scopeListOrRequest: ReadonlyArray<string> | AuthenticationWwwAuthenticateRequest, options?: AuthenticationGetSessionOptions): Thenable<AuthenticationSession | undefined>;
-    }
-}

package/dist/esm/src/index.js

@@ -7,6 +7,7 @@ export * from './AzureDevOpsSubscriptionProvider';
 export * from './AzureSubscription';
 export * from './AzureSubscriptionProvider';
 export * from './AzureTenant';
+export * from './getSessionFromVSCode';
 export * from './NotSignedInError';
 export * from './signInToTenant';
 export * from './utils/configuredAzureEnv';

package/dist/esm/src/utils/getUnauthenticatedTenants.d.ts

@@ -1,6 +1,9 @@
+import type * as vscode from "vscode";
 import type { AzureSubscriptionProvider } from "../AzureSubscriptionProvider";
 import type { AzureTenant } from "../AzureTenant";
 /**
+ * @param subscriptionProvider The {@link AzureSubscriptionProvider} to use
+ * @param account (Optional) The account to get unauthenticated tenants for
  * @returns list of tenants that VS Code doesn't have sessions for
  */
-export declare function getUnauthenticatedTenants(subscriptionProvider: AzureSubscriptionProvider): Promise<AzureTenant[]>;
+export declare function getUnauthenticatedTenants(subscriptionProvider: AzureSubscriptionProvider, account?: vscode.AuthenticationSessionAccountInformation): Promise<AzureTenant[]>;

package/dist/esm/src/utils/getUnauthenticatedTenants.js

@@ -3,10 +3,12 @@
 *  Licensed under the MIT License. See License.txt in the project root for license information.
 *--------------------------------------------------------------------------------------------*/
 /**
+ * @param subscriptionProvider The {@link AzureSubscriptionProvider} to use
+ * @param account (Optional) The account to get unauthenticated tenants for
  * @returns list of tenants that VS Code doesn't have sessions for
  */
-export async function getUnauthenticatedTenants(subscriptionProvider) {
-    const tenants = await subscriptionProvider.getTenants();
+export async function getUnauthenticatedTenants(subscriptionProvider, account) {
+    const tenants = await subscriptionProvider.getTenants(account);
     const unauthenticatedTenants = [];
     for await (const tenant of tenants) {
         if (!await subscriptionProvider.isSignedIn(tenant.tenantId, tenant.account)) {

package/dist/esm/src/utils/isGetSubscriptionsFilter.d.ts

@@ -0,0 +1,14 @@
+import type * as vscode from 'vscode';
+import type { GetSubscriptionsFilter } from '../AzureSubscriptionProvider';
+/**
+ * Check if an object is a {@link GetSubscriptionsFilter} with a tenantId.
+ */
+export declare function isGetSubscriptionsTenantFilter(obj: unknown): obj is GetSubscriptionsFilter & {
+    tenantId: string;
+};
+/**
+ * Check if an object is a {@link GetSubscriptionsFilter} with an account.
+ */
+export declare function isGetSubscriptionsAccountFilter(obj: unknown): obj is GetSubscriptionsFilter & {
+    account: vscode.AuthenticationSessionAccountInformation;
+};

package/dist/esm/src/utils/isGetSubscriptionsFilter.js

@@ -0,0 +1,23 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.md in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+/**
+ * Check if an object is a {@link GetSubscriptionsFilter} with a tenantId.
+ */
+export function isGetSubscriptionsTenantFilter(obj) {
+    if (typeof obj === 'object' && !!obj && 'tenantId' in obj && typeof obj.tenantId === 'string' && !!obj.tenantId) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Check if an object is a {@link GetSubscriptionsFilter} with an account.
+ */
+export function isGetSubscriptionsAccountFilter(obj) {
+    if (typeof obj === 'object' && !!obj && 'account' in obj && typeof obj.account === 'object' && !!obj.account) {
+        return true;
+    }
+    return false;
+}
+//# sourceMappingURL=isGetSubscriptionsFilter.js.map

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@microsoft/vscode-azext-azureauth",
     "author": "Microsoft Corporation",
-    "version": "5.0.0",
+    "version": "5.1.0",
     "description": "Azure authentication helpers for Visual Studio Code",
     "tags": [
         "azure",
@@ -26,7 +26,7 @@
     "scripts": {
         "build": "npm run build:esm && npm run build:cjs",
         "build:esm": "tsc -p ./",
-        "build:cjs": "tsc -p ./ --outDir ./dist/cjs --module nodenext --moduleResolution nodenext",
+        "build:cjs": "tsc -p ./ --outDir ./dist/cjs --module nodenext --moduleResolution nodenext --declaration false",
         "lint": "eslint --ext .ts .",
         "lint-fix": "eslint --ext .ts . --fix",
         "test": "node ./dist/cjs/test/runTest.js",
@@ -42,7 +42,7 @@
         "@types/glob": "^8.1.0",
         "@types/mocha": "^7.0.2",
         "@types/node": "^18.18.7",
-        "@types/vscode": "1.104.0",
+        "@types/vscode": "1.105.0",
         "@typescript-eslint/eslint-plugin": "^5.53.0",
         "@vscode/test-electron": "^2.3.8",
         "eslint": "^8.34.0",

package/dist/cjs/src/AzureAuthentication.d.ts

@@ -1,21 +0,0 @@
-import type * as vscode from 'vscode';
-/**
- * Represents a means of obtaining authentication data for an Azure subscription.
- */
-export interface AzureAuthentication {
-    /**
-     * Gets a VS Code authentication session for an Azure subscription.
-     * Always uses the default scope, `https://management.azure.com/.default/` and respects `microsoft-sovereign-cloud.environment` setting.
-     *
-     * @returns A VS Code authentication session or undefined, if none could be obtained.
-     */
-    getSession(): vscode.ProviderResult<vscode.AuthenticationSession>;
-    /**
-     * Gets a VS Code authentication session for an Azure subscription.
-     *
-     * @param scopeListOrRequest - The scopes or request for which the authentication is needed.
-     *
-     * @returns A VS Code authentication session or undefined, if none could be obtained.
-     */
-    getSessionWithScopes(scopeListOrRequest: string[] | vscode.AuthenticationWwwAuthenticateRequest): vscode.ProviderResult<vscode.AuthenticationSession>;
-}

package/dist/cjs/src/AzureDevOpsSubscriptionProvider.d.ts

@@ -1,68 +0,0 @@
-import { Event } from 'vscode';
-import { AzureSubscription } from './AzureSubscription';
-import { AzureSubscriptionProvider, GetSubscriptionsFilter } from './AzureSubscriptionProvider';
-import { AzureTenant } from './AzureTenant';
-export interface AzureDevOpsSubscriptionProviderInitializer {
-    /**
-    * The resource ID of the Azure DevOps federated service connection,
-    *   which can be found on the `resourceId` field of the URL at the address bar
-    *   when viewing the service connection in the Azure DevOps portal
-    */
-    serviceConnectionId: string;
-    /**
-    * The `Tenant ID` field of the service connection properties
-    */
-    domain: string;
-    /**
-    * The `Service Principal Id` field of the service connection properties
-    */
-    clientId: string;
-}
-export declare function createAzureDevOpsSubscriptionProviderFactory(initializer: AzureDevOpsSubscriptionProviderInitializer): () => Promise<AzureDevOpsSubscriptionProvider>;
-/**
- * AzureSubscriptionProvider implemented to authenticate via federated DevOps service connection, using workflow identity federation
- * To learn how to configure your DevOps environment to use this provider, refer to the README.md
- * NOTE: This provider is only available when running in an Azure DevOps pipeline
- * Reference: https://learn.microsoft.com/en-us/entra/workload-id/workload-identity-federation
- */
-export declare class AzureDevOpsSubscriptionProvider implements AzureSubscriptionProvider {
-    private _tokenCredential;
-    /**
-    * The resource ID of the Azure DevOps federated service connection,
-    *   which can be found on the `resourceId` field of the URL at the address bar
-    *   when viewing the service connection in the Azure DevOps portal
-    */
-    private _SERVICE_CONNECTION_ID;
-    /**
-    * The `Tenant ID` field of the service connection properties
-    */
-    private _DOMAIN;
-    /**
-    * The `Service Principal Id` field of the service connection properties
-    */
-    private _CLIENT_ID;
-    constructor({ serviceConnectionId, domain, clientId }: AzureDevOpsSubscriptionProviderInitializer);
-    getSubscriptions(_filter: boolean | GetSubscriptionsFilter): Promise<AzureSubscription[]>;
-    isSignedIn(): Promise<boolean>;
-    signIn(): Promise<boolean>;
-    signOut(): Promise<void>;
-    getTenants(): Promise<AzureTenant[]>;
-    /**
-     * Gets the subscriptions for a given tenant.
-     *
-     * @param tenantId The tenant ID to get subscriptions for.
-     *
-     * @returns The list of subscriptions for the tenant.
-     */
-    private getSubscriptionsForTenant;
-    /**
-     * Gets a fully-configured subscription client for a given tenant ID
-     *
-     * @param tenantId (Optional) The tenant ID to get a client for
-     *
-     * @returns A client, the credential used by the client, and the authentication function
-     */
-    private getSubscriptionClient;
-    onDidSignIn: Event<void>;
-    onDidSignOut: Event<void>;
-}

package/dist/cjs/src/AzureSubscription.d.ts

@@ -1,49 +0,0 @@
-import type { TokenCredential } from '@azure/core-auth';
-import type { Environment } from '@azure/ms-rest-azure-env';
-import * as vscode from "vscode";
-import { AzureAuthentication } from './AzureAuthentication';
-/**
- * A type representing an Azure subscription ID, not including the tenant ID.
- */
-export type SubscriptionId = string;
-/**
- * A type representing an Azure tenant ID.
- */
-export type TenantId = string;
-/**
- * Represents an Azure subscription.
- */
-export interface AzureSubscription {
-    /**
-     * Access to the authentication session associated with this subscription.
-     */
-    readonly authentication: AzureAuthentication;
-    /**
-     * The Azure environment to which this subscription belongs.
-     */
-    readonly environment: Environment;
-    /**
-     * Whether this subscription belongs to a custom cloud.
-     */
-    readonly isCustomCloud: boolean;
-    /**
-     * The display name of this subscription.
-     */
-    readonly name: string;
-    /**
-     * The ID of this subscription.
-     */
-    readonly subscriptionId: SubscriptionId;
-    /**
-     * The ID of the tenant to which this subscription belongs.
-     */
-    readonly tenantId: TenantId;
-    /**
-     * The credential for authentication to this subscription. Compatible with Azure track 2 SDKs.
-     */
-    readonly credential: TokenCredential;
-    /**
-     * The account associated with this subscription.
-     */
-    readonly account: vscode.AuthenticationSessionAccountInformation;
-}

package/dist/cjs/src/AzureSubscriptionProvider.d.ts

@@ -1,82 +0,0 @@
-import type * as vscode from 'vscode';
-import type { AzureSubscription } from './AzureSubscription';
-import type { AzureTenant } from './AzureTenant';
-/**
- * A filter for {@link AzureSubscriptionProvider.getSubscriptions}
- */
-export type GetSubscriptionsFilter = {
-    /**
-     * The account to get subscriptions for. If not provided, all accounts the extension
-     * currently has access to are used.
-     */
-    account?: vscode.AuthenticationSessionAccountInformation;
-    /**
-     * The tenant to get subscriptions for. If not provided, all tenants for each account
-     * are used.
-     */
-    tenantId?: string;
-};
-/**
- * An interface for obtaining Azure subscription information
- */
-export interface AzureSubscriptionProvider {
-    /**
-     * Gets a list of tenants available to the user.
-     * Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
-     *
-     * @param account - Optionally pass in a specific account to get tenants for.
-     *
-     * @returns A list of tenants.
-     */
-    getTenants(account?: vscode.AuthenticationSessionAccountInformation): Promise<AzureTenant[]>;
-    /**
-     * Gets a list of Azure subscriptions available to the user.
-     *
-     * @param filter - Whether to filter the list returned. When:
-     * - `true`: according to the list returned by `getTenantFilters()` and `getSubscriptionFilters()`.
-     * - `false`: return all subscriptions.
-     * - `GetSubscriptionsFilter`: according to the values in the filter.
-     *
-     * Optional, default true.
-     *
-     * @returns A list of Azure subscriptions.
-     *
-     * @throws A {@link NotSignedInError} If the user is not signed in to Azure.
-     * Use {@link isSignedIn} and/or {@link signIn} before this method to ensure
-     * the user is signed in.
-     */
-    getSubscriptions(filter: boolean | GetSubscriptionsFilter): Promise<AzureSubscription[]>;
-    /**
-     * Checks to see if a user is signed in.
-     *
-     * @param tenantId (Optional) Provide to check if a user is signed in to a specific tenant.
-     *
-     * @returns True if the user is signed in, false otherwise.
-     */
-    isSignedIn(tenantId?: string, account?: vscode.AuthenticationSessionAccountInformation): Promise<boolean>;
-    /**
-     * Asks the user to sign in or pick an account to use.
-     *
-     * @param tenantId (Optional) Provide to sign in to a specific tenant.
-     * @param account (Optional) Provide to sign in to a specific account.
-     *
-     * @returns True if the user is signed in, false otherwise.
-     */
-    signIn(tenantId?: string, account?: vscode.AuthenticationSessionAccountInformation): Promise<boolean>;
-    /**
-     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
-     */
-    onDidSignIn: vscode.Event<void>;
-    /**
-     * Signs the user out
-     *
-     * @deprecated Not currently supported by VS Code auth providers
-     *
-     * @throws Throws an {@link Error} every time
-     */
-    signOut(): Promise<void>;
-    /**
-     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
-     */
-    onDidSignOut: vscode.Event<void>;
-}

package/dist/cjs/src/AzureTenant.d.ts

@@ -1,5 +0,0 @@
-import { TenantIdDescription } from "@azure/arm-resources-subscriptions";
-import * as vscode from 'vscode';
-export interface AzureTenant extends TenantIdDescription {
-    account: vscode.AuthenticationSessionAccountInformation;
-}

package/dist/cjs/src/NotSignedInError.d.ts

@@ -1,15 +0,0 @@
-/**
- * An error indicating the user is not signed in.
- */
-export declare class NotSignedInError extends Error {
-    readonly isNotSignedInError = true;
-    constructor();
-}
-/**
- * Tests if an object is a `NotSignedInError`. This should be used instead of `instanceof`.
- *
- * @param error The object to test
- *
- * @returns True if the object is a NotSignedInError, false otherwise
- */
-export declare function isNotSignedInError(error: unknown): error is NotSignedInError;

package/dist/cjs/src/VSCodeAzureSubscriptionProvider.d.ts

@@ -1,117 +0,0 @@
-import * as vscode from 'vscode';
-import { AzureSubscription, SubscriptionId, TenantId } from './AzureSubscription';
-import { AzureSubscriptionProvider, GetSubscriptionsFilter } from './AzureSubscriptionProvider';
-import { AzureTenant } from './AzureTenant';
-/**
- * A class for obtaining Azure subscription information using VSCode's built-in authentication
- * provider.
- */
-export declare class VSCodeAzureSubscriptionProvider extends vscode.Disposable implements AzureSubscriptionProvider {
-    private readonly logger?;
-    private readonly onDidSignInEmitter;
-    private lastSignInEventFired;
-    private suppressSignInEvents;
-    private readonly onDidSignOutEmitter;
-    private lastSignOutEventFired;
-    constructor(logger?: vscode.LogOutputChannel | undefined);
-    /**
-     * Gets a list of tenants available to the user.
-     * Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
-     *
-     * @param account (Optional) A specific account to get tenants for. If not provided, all accounts will be used.
-     *
-     * @returns A list of tenants.
-     */
-    getTenants(account?: vscode.AuthenticationSessionAccountInformation): Promise<AzureTenant[]>;
-    /**
-     * Gets a list of Azure subscriptions available to the user.
-     *
-     * @param filter - Whether to filter the list returned. When:
-     * - `true`: according to the list returned by `getTenantFilters()` and `getSubscriptionFilters()`.
-     * - `false`: return all subscriptions.
-     * - `GetSubscriptionsFilter`: according to the values in the filter.
-     *
-     * Optional, default true.
-     *
-     * @returns A list of Azure subscriptions. The list is sorted by subscription name.
-     * The list can contain duplicate subscriptions if they come from different accounts.
-     *
-     * @throws A {@link NotSignedInError} If the user is not signed in to Azure.
-     * Use {@link isSignedIn} and/or {@link signIn} before this method to ensure
-     * the user is signed in.
-     */
-    getSubscriptions(filter?: boolean | GetSubscriptionsFilter): Promise<AzureSubscription[]>;
-    /**
-     * Checks to see if a user is signed in.
-     *
-     * @param tenantId (Optional) Provide to check if a user is signed in to a specific tenant.
-     * @param account (Optional) Provide to check if a user is signed in to a specific account.
-     *
-     * @returns True if the user is signed in, false otherwise.
-     *
-     * If no tenant or account is provided, then
-     * checks all accounts for a session.
-     */
-    isSignedIn(tenantId?: string, account?: vscode.AuthenticationSessionAccountInformation): Promise<boolean>;
-    /**
-     * Asks the user to sign in or pick an account to use.
-     *
-     * @param tenantId (Optional) Provide to sign in to a specific tenant.
-     * @param account (Optional) Provide to sign in to a specific account.
-     *
-     * @returns True if the user is signed in, false otherwise.
-     */
-    signIn(tenantId?: string, account?: vscode.AuthenticationSessionAccountInformation): Promise<boolean>;
-    /**
-     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
-     */
-    readonly onDidSignIn: vscode.Event<void>;
-    /**
-     * Signs the user out
-     *
-     * @deprecated Not currently supported by VS Code auth providers
-     */
-    signOut(): Promise<void>;
-    /**
-     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
-     */
-    readonly onDidSignOut: vscode.Event<void>;
-    /**
-     * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
-     * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
-     * and/or `getTenantFilters()` overridden.
-     *
-     * If no values are returned by `getTenantFilters()`, then all tenants will be scanned for subscriptions.
-     *
-     * @returns A list of tenant IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
-     */
-    protected getTenantFilters(): Promise<TenantId[]>;
-    /**
-     * Gets the subscription filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
-     * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
-     * and/or `getTenantFilters()` overridden.
-     *
-     * If no values are returned by `getSubscriptionFilters()`, then all subscriptions will be returned.
-     *
-     * @returns A list of subscription IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
-     */
-    protected getSubscriptionFilters(): Promise<SubscriptionId[]>;
-    /**
-     * Gets the subscriptions for a given tenant.
-     *
-     * @param tenantId The tenant ID to get subscriptions for.
-     * @param account The account to get the subscriptions for.
-     *
-     * @returns The list of subscriptions for the tenant.
-     */
-    private getSubscriptionsForTenant;
-    /**
-     * Gets a fully-configured subscription client for a given tenant ID
-     *
-     * @param tenantId (Optional) The tenant ID to get a client for
-     * @param account The account that you would like to get the session for
-     *
-     * @returns A client, the credential used by the client, and the authentication function
-     */
-    private getSubscriptionClient;
-}

package/dist/cjs/src/getSessionFromVSCode.d.ts

@@ -1,13 +0,0 @@
-import * as vscode from "vscode";
-/**
- * Wraps {@link vscode.authentication.getSession} and handles:
- * * Passing the configured auth provider id
- * * Getting the list of scopes, adding the tenant id to the scope list if needed
- *
- * @param scopeOrListOrRequest - top-level resource scopes (e.g. http://management.azure.com, http://storage.azure.com) or .default scopes. All resources/scopes will be normalized to the `.default` scope for each resource.
- * Use `vscode.AuthenticationWwwAuthenticateRequest` if you need to pass in a challenge (WWW-Authenticate header). Note: Use of `vscode.AuthenticationWwwAuthenticateRequest` requires VS Code 1.105.0 or newer.
- * @param tenantId - (Optional) The tenant ID, will be added to the scopes
- * @param options - see {@link vscode.AuthenticationGetSessionOptions}
- * @returns An authentication session if available, or undefined if there are no sessions
- */
-export declare function getSessionFromVSCode(scopeOrListOrRequest?: string | string[] | vscode.AuthenticationWwwAuthenticateRequest, tenantId?: string, options?: vscode.AuthenticationGetSessionOptions): Promise<vscode.AuthenticationSession | undefined>;

package/dist/cjs/src/index.d.ts

@@ -1,56 +0,0 @@
-export * from './AzureAuthentication';
-export * from './AzureDevOpsSubscriptionProvider';
-export * from './AzureSubscription';
-export * from './AzureSubscriptionProvider';
-export * from './AzureTenant';
-export * from './NotSignedInError';
-export * from './signInToTenant';
-export * from './utils/configuredAzureEnv';
-export * from './utils/getUnauthenticatedTenants';
-export * from './VSCodeAzureSubscriptionProvider';
-declare module 'vscode' {
-    /**
-     * Represents parameters for creating a session based on a WWW-Authenticate header value.
-     * This is used when an API returns a 401 with a WWW-Authenticate header indicating
-     * that additional authentication is required. The details of which will be passed down
-     * to the authentication provider to create a session.
-     *
-     * @note The authorization provider must support handling challenges and specifically
-     * the challenges in this WWW-Authenticate value.
-     * @note For more information on WWW-Authenticate please see https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/WWW-Authenticate
-     */
-    interface AuthenticationWwwAuthenticateRequest {
-        /**
-         * The raw WWW-Authenticate header value that triggered this challenge.
-         * This will be parsed by the authentication provider to extract the necessary
-         * challenge information.
-         */
-        readonly wwwAuthenticate: string;
-        /**
-         * The fallback scopes to use if no scopes are found in the WWW-Authenticate header.
-         */
-        readonly fallbackScopes?: readonly string[];
-    }
-    /**
-     * Namespace for authentication.
-     */
-    namespace authentication {
-        /**
-         * Get an authentication session matching the desired scopes or request. Rejects if a provider with providerId is not
-         * registered, or if the user does not consent to sharing authentication information with the extension. If there
-         * are multiple sessions with the same scopes, the user will be shown a quickpick to select which account they would like to use.
-         *
-         * Built-in auth providers include:
-         * * 'github' - For GitHub.com
-         * * 'microsoft' For both personal & organizational Microsoft accounts
-         * * (less common) 'github-enterprise' - for alternative GitHub hostings, GHE.com, GitHub Enterprise Server
-         * * (less common) 'microsoft-sovereign-cloud' - for alternative Microsoft clouds
-         *
-         * @param providerId The id of the provider to use
-         * @param scopeListOrRequest A scope list of permissions requested or a WWW-Authenticate request. These are dependent on the authentication provider.
-         * @param options The {@link AuthenticationGetSessionOptions} to use
-         * @returns A thenable that resolves to an authentication session or undefined if a silent flow was used and no session was found
-         */
-        function getSession(providerId: string, scopeListOrRequest: ReadonlyArray<string> | AuthenticationWwwAuthenticateRequest, options?: AuthenticationGetSessionOptions): Thenable<AuthenticationSession | undefined>;
-    }
-}

package/dist/cjs/src/signInToTenant.d.ts

@@ -1,6 +0,0 @@
-import type { AzureSubscriptionProvider } from "./AzureSubscriptionProvider";
-/**
- * Prompts user to select from a list of unauthenticated tenants.
- * Once selected, requests a new session from VS Code specifially for this tenant.
- */
-export declare function signInToTenant(subscriptionProvider: AzureSubscriptionProvider): Promise<void>;

package/dist/cjs/src/utils/configuredAzureEnv.d.ts

@@ -1,24 +0,0 @@
-import * as azureEnv from '@azure/ms-rest-azure-env';
-import * as vscode from 'vscode';
-/**
- * Gets the configured Azure environment.
- *
- * @returns The configured Azure environment from the settings in the built-in authentication provider extension
- */
-export declare function getConfiguredAzureEnv(): azureEnv.Environment & {
-    isCustomCloud: boolean;
-};
-/**
- * Sets the configured Azure cloud.
- *
- * @param cloud Use `'AzureCloud'` or `undefined` for public Azure cloud, `'ChinaCloud'` for Azure China, or `'USGovernment'` for Azure US Government.
- * These are the same values as the cloud names in `@azure/ms-rest-azure-env`. For a custom cloud, use an instance of the `@azure/ms-rest-azure-env` {@link azureEnv.EnvironmentParameters}.
- *
- * @param target (Optional) The configuration target to use, by default {@link vscode.ConfigurationTarget.Global}.
- */
-export declare function setConfiguredAzureEnv(cloud: 'AzureCloud' | 'ChinaCloud' | 'USGovernment' | undefined | azureEnv.EnvironmentParameters, target?: vscode.ConfigurationTarget): Promise<void>;
-/**
- * Gets the ID of the authentication provider configured to be used
- * @returns The provider ID to use, either `'microsoft'` or `'microsoft-sovereign-cloud'`
- */
-export declare function getConfiguredAuthProviderId(): string;

package/dist/cjs/src/utils/getUnauthenticatedTenants.d.ts

@@ -1,6 +0,0 @@
-import type { AzureSubscriptionProvider } from "../AzureSubscriptionProvider";
-import type { AzureTenant } from "../AzureTenant";
-/**
- * @returns list of tenants that VS Code doesn't have sessions for
- */
-export declare function getUnauthenticatedTenants(subscriptionProvider: AzureSubscriptionProvider): Promise<AzureTenant[]>;

package/dist/cjs/src/utils/isAuthenticationWwwAuthenticateRequest.d.ts

@@ -1,2 +0,0 @@
-import type * as vscode from "vscode";
-export declare function isAuthenticationWwwAuthenticateRequest(obj: unknown): obj is vscode.AuthenticationWwwAuthenticateRequest;