@microsoft/vscode-azext-azureauth 5.0.0 → 5.1.1

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Change Log
 
+## 5.1.1 - 2025-10-28
+
+* [#2111](https://github.com/microsoft/vscode-azuretools/pull/2111) Same as https://github.com/microsoft/vscode-azuretools/pull/2110 but a better fix.
+
+## 5.1.0 - 2025-10-27
+
+* [#2102](https://github.com/microsoft/vscode-azuretools/pull/2102) Fixes an issue causing infinite event loops especially in https://vscode.dev/azure
+* [#2110](https://github.com/microsoft/vscode-azuretools/pull/2110) `vscode.authentication.onDidChangeSessions()` is no longer subscribed to unless the caller calls `AzureSubscriptionProvider.onDidSignIn()` or `AzureSubscriptionProvider.onDidSignOut()`.
+
+## 5.0.0 - 2025-10-07
+
+* [#2092](https://github.com/microsoft/vscode-azuretools/pull/2092) Converts from CJS only to CJS+ESM
+* Adopts finalized auth challenges API
+
 ## 4.2.2 - 2025-09-10
 
 * [#2073](https://github.com/microsoft/vscode-azuretools/pull/2073) Changes to adjust to proposed API changes

package/dist/cjs/src/AzureDevOpsSubscriptionProvider.js

@@ -6,7 +6,6 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AzureDevOpsSubscriptionProvider = void 0;
 exports.createAzureDevOpsSubscriptionProviderFactory = createAzureDevOpsSubscriptionProviderFactory;
-const vscode_1 = require("vscode");
 const configuredAzureEnv_1 = require("./utils/configuredAzureEnv");
 let azureDevOpsSubscriptionProvider;
 function createAzureDevOpsSubscriptionProviderFactory(initializer) {
@@ -144,8 +143,8 @@ class AzureDevOpsSubscriptionProvider {
             }
         };
     }
-    onDidSignIn = () => { return new vscode_1.Disposable(() => { }); };
-    onDidSignOut = () => { return new vscode_1.Disposable(() => { }); };
+    onDidSignIn = () => { return { dispose() { } }; };
+    onDidSignOut = () => { return { dispose() { } }; };
 }
 exports.AzureDevOpsSubscriptionProvider = AzureDevOpsSubscriptionProvider;
 /*

package/dist/cjs/src/VSCodeAzureSubscriptionProvider.js

@@ -43,42 +43,92 @@ const getSessionFromVSCode_1 = require("./getSessionFromVSCode");
 const NotSignedInError_1 = require("./NotSignedInError");
 const configuredAzureEnv_1 = require("./utils/configuredAzureEnv");
 const isAuthenticationWwwAuthenticateRequest_1 = require("./utils/isAuthenticationWwwAuthenticateRequest");
+const isGetSubscriptionsFilter_1 = require("./utils/isGetSubscriptionsFilter");
 const EventDebounce = 5 * 1000; // 5 seconds
+let armSubs;
 /**
  * A class for obtaining Azure subscription information using VSCode's built-in authentication
  * provider.
  */
-class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
+class VSCodeAzureSubscriptionProvider {
     logger;
+    listenerDisposable;
     onDidSignInEmitter = new vscode.EventEmitter();
-    lastSignInEventFired = 0;
-    suppressSignInEvents = false;
     onDidSignOutEmitter = new vscode.EventEmitter();
-    lastSignOutEventFired = 0;
+    lastEventFired = 0;
+    suppressEvents = false;
+    priorAccounts;
+    accountsRemovedPromise;
     // So that customers can easily share logs, try to only log PII using trace level
     constructor(logger) {
-        const disposable = vscode.authentication.onDidChangeSessions(async (e) => {
+        this.logger = logger;
+        void this.accountsRemoved(); // Initialize priorAccounts
+    }
+    dispose() {
+        this.listenerDisposable?.dispose();
+        this.onDidSignInEmitter.dispose();
+        this.onDidSignOutEmitter.dispose();
+    }
+    onDidSignIn(callback, thisArg, disposables) {
+        this.listenIfNeeded();
+        return this.onDidSignInEmitter.event(callback, thisArg, disposables);
+    }
+    onDidSignOut(callback, thisArg, disposables) {
+        this.listenIfNeeded();
+        return this.onDidSignOutEmitter.event(callback, thisArg, disposables);
+    }
+    listenIfNeeded() {
+        if (this.listenerDisposable) {
+            return;
+        }
+        this.listenerDisposable = vscode.authentication.onDidChangeSessions(async (e) => {
             // Ignore any sign in that isn't for the configured auth provider
             if (e.provider.id !== (0, configuredAzureEnv_1.getConfiguredAuthProviderId)()) {
                 return;
             }
-            if (await this.isSignedIn()) {
-                if (!this.suppressSignInEvents && Date.now() > this.lastSignInEventFired + EventDebounce) {
-                    this.lastSignInEventFired = Date.now();
-                    this.onDidSignInEmitter.fire();
-                }
+            if (this.suppressEvents || Date.now() < this.lastEventFired + EventDebounce) {
+                return;
+            }
+            this.lastEventFired = Date.now();
+            if (!await this.accountsRemoved()) {
+                this.logger?.debug('auth: Firing onDidSignIn event');
+                this.onDidSignInEmitter.fire();
             }
-            else if (Date.now() > this.lastSignOutEventFired + EventDebounce) {
-                this.lastSignOutEventFired = Date.now();
+            else {
+                this.logger?.debug('auth: Firing onDidSignOut event');
                 this.onDidSignOutEmitter.fire();
             }
         });
-        super(() => {
-            this.onDidSignInEmitter.dispose();
-            this.onDidSignOutEmitter.dispose();
-            disposable.dispose();
-        });
-        this.logger = logger;
+    }
+    async accountsRemoved() {
+        // If there's already an ongoing accountsRemoved operation, return its result
+        if (this.accountsRemovedPromise) {
+            return this.accountsRemovedPromise;
+        }
+        // Create a new promise for this operation
+        this.accountsRemovedPromise = (async () => {
+            try {
+                this.suppressEvents = true;
+                const currentAccounts = Array.from(await vscode.authentication.getAccounts((0, configuredAzureEnv_1.getConfiguredAuthProviderId)()));
+                const priorAccountCount = this.priorAccounts?.length ?? 0;
+                this.priorAccounts = currentAccounts;
+                // The only way a sign out happens is if an account is removed entirely from the list of accounts
+                if (currentAccounts.length === 0 || currentAccounts.length < priorAccountCount) {
+                    return true;
+                }
+                return false;
+            }
+            finally {
+                this.suppressEvents = false;
+            }
+        })();
+        try {
+            return await this.accountsRemovedPromise;
+        }
+        finally {
+            // Clear the promise when done so future calls can proceed
+            this.accountsRemovedPromise = undefined;
+        }
     }
     /**
      * Gets a list of tenants available to the user.
@@ -124,24 +174,28 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
     async getSubscriptions(filter = true) {
         this.logger?.debug('auth: Loading subscriptions...');
         const startTime = Date.now();
-        const configuredTenantFilter = await this.getTenantFilters();
-        const tenantIdsToFilterBy = 
-        // Only filter by the tenant ID option if it is provided
-        (typeof filter === 'object' && filter.tenantId ? [filter.tenantId] :
+        let tenantIdsToFilterBy;
+        if ((0, isGetSubscriptionsFilter_1.isGetSubscriptionsTenantFilter)(filter)) {
+            // Only filter by the tenant ID option if it is provided
+            tenantIdsToFilterBy = [filter.tenantId];
+        }
+        else if (filter === true) {
             // Only filter by the configured filter if `filter` is true AND there are tenants in the configured filter
-            filter === true && configuredTenantFilter.length > 0 ? configuredTenantFilter :
-                undefined);
+            const configuredTenantFilter = await this.getTenantFilters();
+            if (configuredTenantFilter.length > 0) {
+                tenantIdsToFilterBy = configuredTenantFilter;
+            }
+        }
         const allSubscriptions = [];
         let accountCount; // only used for logging
         try {
-            this.suppressSignInEvents = true;
+            this.suppressEvents = true;
             // Get the list of tenants from each account (filtered or all)
-            const accounts = typeof filter === 'object' && filter.account ? [filter.account] : await vscode.authentication.getAccounts((0, configuredAzureEnv_1.getConfiguredAuthProviderId)());
+            const accounts = (0, isGetSubscriptionsFilter_1.isGetSubscriptionsAccountFilter)(filter) ? [filter.account] : await vscode.authentication.getAccounts((0, configuredAzureEnv_1.getConfiguredAuthProviderId)());
             accountCount = accounts.length;
             for (const account of accounts) {
-                for (const tenant of await this.getTenants(account)) {
-                    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-                    const tenantId = tenant.tenantId;
+                const tenantIds = (0, isGetSubscriptionsFilter_1.isGetSubscriptionsTenantFilter)(filter) ? [filter.tenantId] : (await this.getTenants(account)).map(t => t.tenantId);
+                for (const tenantId of tenantIds) {
                     if (tenantIdsToFilterBy?.includes(tenantId) === false) {
                         continue;
                     }
@@ -153,12 +207,13 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
             }
         }
         finally {
-            this.suppressSignInEvents = false;
+            this.suppressEvents = false;
         }
         // It's possible that by listing subscriptions in all tenants and the "home" tenant there could be duplicate subscriptions
         // Thus, we remove duplicate subscriptions. However, if multiple accounts have the same subscription, we keep them.
+        // There are also cases where the same subscription could appear in different tenants under the same account so we also need to keep those
         const subscriptionMap = new Map();
-        allSubscriptions.forEach(sub => subscriptionMap.set(`${sub.account.id}/${sub.subscriptionId}`, sub));
+        allSubscriptions.forEach(sub => subscriptionMap.set(`${sub.account.id}/${sub.tenantId}/${sub.subscriptionId}`, sub));
         const uniqueSubscriptions = Array.from(subscriptionMap.values());
         const endTime = Date.now();
         this.logger?.debug(`auth: Got ${uniqueSubscriptions.length} subscriptions from ${accountCount} accounts in ${endTime - startTime}ms`);
@@ -214,18 +269,20 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
      */
     async signIn(tenantId, account) {
         this.logger?.debug(`auth: Signing in (account="${account?.label ?? 'none'}") (tenantId="${tenantId ?? 'none'}")`);
-        const session = await (0, getSessionFromVSCode_1.getSessionFromVSCode)([], tenantId, {
-            createIfNone: true,
-            // If no account is provided, then clear the session preference which tells VS Code to show the account picker
-            clearSessionPreference: !account,
-            account,
-        });
-        return !!session;
+        try {
+            this.suppressEvents = true;
+            const session = await (0, getSessionFromVSCode_1.getSessionFromVSCode)([], tenantId, {
+                createIfNone: true,
+                // If no account is provided, then clear the session preference which tells VS Code to show the account picker
+                clearSessionPreference: !account,
+                account,
+            });
+            return !!session;
+        }
+        finally {
+            this.suppressEvents = false;
+        }
     }
-    /**
-     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
-     */
-    onDidSignIn = this.onDidSignInEmitter.event;
     /**
      * Signs the user out
      *
@@ -234,10 +291,6 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
     signOut() {
         throw new Error(vscode.l10n.t('Signing out programmatically is not supported. You must sign out by selecting the account in the Accounts menu and choosing Sign Out.'));
     }
-    /**
-     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
-     */
-    onDidSignOut = this.onDidSignOutEmitter.event;
     /**
      * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
      * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
@@ -308,7 +361,7 @@ class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
      * @returns A client, the credential used by the client, and the authentication function
      */
     async getSubscriptionClient(account, tenantId, scopes) {
-        const armSubs = await import('@azure/arm-resources-subscriptions');
+        armSubs ||= await import('@azure/arm-resources-subscriptions');
         const session = await (0, getSessionFromVSCode_1.getSessionFromVSCode)(scopes, tenantId, { createIfNone: false, silent: true, account });
         if (!session) {
             throw new NotSignedInError_1.NotSignedInError();

package/dist/cjs/src/index.js

@@ -23,6 +23,7 @@ __exportStar(require("./AzureDevOpsSubscriptionProvider"), exports);
 __exportStar(require("./AzureSubscription"), exports);
 __exportStar(require("./AzureSubscriptionProvider"), exports);
 __exportStar(require("./AzureTenant"), exports);
+__exportStar(require("./getSessionFromVSCode"), exports);
 __exportStar(require("./NotSignedInError"), exports);
 __exportStar(require("./signInToTenant"), exports);
 __exportStar(require("./utils/configuredAzureEnv"), exports);

package/dist/cjs/src/utils/getUnauthenticatedTenants.js

@@ -6,10 +6,12 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getUnauthenticatedTenants = getUnauthenticatedTenants;
 /**
+ * @param subscriptionProvider The {@link AzureSubscriptionProvider} to use
+ * @param account (Optional) The account to get unauthenticated tenants for
  * @returns list of tenants that VS Code doesn't have sessions for
  */
-async function getUnauthenticatedTenants(subscriptionProvider) {
-    const tenants = await subscriptionProvider.getTenants();
+async function getUnauthenticatedTenants(subscriptionProvider, account) {
+    const tenants = await subscriptionProvider.getTenants(account);
     const unauthenticatedTenants = [];
     for await (const tenant of tenants) {
         if (!await subscriptionProvider.isSignedIn(tenant.tenantId, tenant.account)) {

package/dist/cjs/src/utils/isGetSubscriptionsFilter.js

@@ -0,0 +1,27 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.md in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isGetSubscriptionsTenantFilter = isGetSubscriptionsTenantFilter;
+exports.isGetSubscriptionsAccountFilter = isGetSubscriptionsAccountFilter;
+/**
+ * Check if an object is a {@link GetSubscriptionsFilter} with a tenantId.
+ */
+function isGetSubscriptionsTenantFilter(obj) {
+    if (typeof obj === 'object' && !!obj && 'tenantId' in obj && typeof obj.tenantId === 'string' && !!obj.tenantId) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Check if an object is a {@link GetSubscriptionsFilter} with an account.
+ */
+function isGetSubscriptionsAccountFilter(obj) {
+    if (typeof obj === 'object' && !!obj && 'account' in obj && typeof obj.account === 'object' && !!obj.account) {
+        return true;
+    }
+    return false;
+}
+//# sourceMappingURL=isGetSubscriptionsFilter.js.map

package/dist/esm/src/AzureDevOpsSubscriptionProvider.d.ts

@@ -1,7 +1,7 @@
-import { Event } from 'vscode';
-import { AzureSubscription } from './AzureSubscription';
-import { AzureSubscriptionProvider, GetSubscriptionsFilter } from './AzureSubscriptionProvider';
-import { AzureTenant } from './AzureTenant';
+import type * as vscode from 'vscode';
+import type { AzureSubscription } from './AzureSubscription';
+import type { AzureSubscriptionProvider, GetSubscriptionsFilter } from './AzureSubscriptionProvider';
+import type { AzureTenant } from './AzureTenant';
 export interface AzureDevOpsSubscriptionProviderInitializer {
     /**
     * The resource ID of the Azure DevOps federated service connection,
@@ -63,6 +63,6 @@ export declare class AzureDevOpsSubscriptionProvider implements AzureSubscriptio
      * @returns A client, the credential used by the client, and the authentication function
      */
     private getSubscriptionClient;
-    onDidSignIn: Event<void>;
-    onDidSignOut: Event<void>;
+    onDidSignIn: vscode.Event<void>;
+    onDidSignOut: vscode.Event<void>;
 }

package/dist/esm/src/AzureDevOpsSubscriptionProvider.js

@@ -2,7 +2,6 @@
  *  Copyright (c) Microsoft Corporation. All rights reserved.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
-import { Disposable } from 'vscode';
 import { getConfiguredAzureEnv } from './utils/configuredAzureEnv';
 let azureDevOpsSubscriptionProvider;
 export function createAzureDevOpsSubscriptionProviderFactory(initializer) {
@@ -140,8 +139,8 @@ export class AzureDevOpsSubscriptionProvider {
             }
         };
     }
-    onDidSignIn = () => { return new Disposable(() => { }); };
-    onDidSignOut = () => { return new Disposable(() => { }); };
+    onDidSignIn = () => { return { dispose() { } }; };
+    onDidSignOut = () => { return { dispose() { } }; };
 }
 /*
 * @param serviceConnectionId The resource ID of the Azure DevOps federated service connection,

package/dist/esm/src/AzureSubscription.d.ts

@@ -1,7 +1,7 @@
 import type { TokenCredential } from '@azure/core-auth';
 import type { Environment } from '@azure/ms-rest-azure-env';
-import * as vscode from "vscode";
-import { AzureAuthentication } from './AzureAuthentication';
+import type * as vscode from "vscode";
+import type { AzureAuthentication } from './AzureAuthentication';
 /**
  * A type representing an Azure subscription ID, not including the tenant ID.
  */

package/dist/esm/src/AzureTenant.d.ts

@@ -1,5 +1,5 @@
-import { TenantIdDescription } from "@azure/arm-resources-subscriptions";
-import * as vscode from 'vscode';
+import type { TenantIdDescription } from "@azure/arm-resources-subscriptions";
+import type * as vscode from 'vscode';
 export interface AzureTenant extends TenantIdDescription {
     account: vscode.AuthenticationSessionAccountInformation;
 }

package/dist/esm/src/VSCodeAzureSubscriptionProvider.d.ts

@@ -1,19 +1,26 @@
 import * as vscode from 'vscode';
 import { AzureSubscription, SubscriptionId, TenantId } from './AzureSubscription';
-import { AzureSubscriptionProvider, GetSubscriptionsFilter } from './AzureSubscriptionProvider';
-import { AzureTenant } from './AzureTenant';
+import type { AzureSubscriptionProvider, GetSubscriptionsFilter } from './AzureSubscriptionProvider';
+import type { AzureTenant } from './AzureTenant';
 /**
  * A class for obtaining Azure subscription information using VSCode's built-in authentication
  * provider.
  */
-export declare class VSCodeAzureSubscriptionProvider extends vscode.Disposable implements AzureSubscriptionProvider {
+export declare class VSCodeAzureSubscriptionProvider implements AzureSubscriptionProvider, vscode.Disposable {
     private readonly logger?;
+    private listenerDisposable;
     private readonly onDidSignInEmitter;
-    private lastSignInEventFired;
-    private suppressSignInEvents;
     private readonly onDidSignOutEmitter;
-    private lastSignOutEventFired;
+    private lastEventFired;
+    private suppressEvents;
+    private priorAccounts;
+    private accountsRemovedPromise;
     constructor(logger?: vscode.LogOutputChannel | undefined);
+    dispose(): void;
+    onDidSignIn(callback: () => unknown, thisArg?: unknown, disposables?: vscode.Disposable[]): vscode.Disposable;
+    onDidSignOut(callback: () => unknown, thisArg?: unknown, disposables?: vscode.Disposable[]): vscode.Disposable;
+    private listenIfNeeded;
+    private accountsRemoved;
     /**
      * Gets a list of tenants available to the user.
      * Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
@@ -62,20 +69,12 @@ export declare class VSCodeAzureSubscriptionProvider extends vscode.Disposable i
      * @returns True if the user is signed in, false otherwise.
      */
     signIn(tenantId?: string, account?: vscode.AuthenticationSessionAccountInformation): Promise<boolean>;
-    /**
-     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
-     */
-    readonly onDidSignIn: vscode.Event<void>;
     /**
      * Signs the user out
      *
      * @deprecated Not currently supported by VS Code auth providers
      */
     signOut(): Promise<void>;
-    /**
-     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
-     */
-    readonly onDidSignOut: vscode.Event<void>;
     /**
      * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
      * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`

package/dist/esm/src/VSCodeAzureSubscriptionProvider.js

@@ -7,42 +7,92 @@ import { getSessionFromVSCode } from './getSessionFromVSCode';
 import { NotSignedInError } from './NotSignedInError';
 import { getConfiguredAuthProviderId, getConfiguredAzureEnv } from './utils/configuredAzureEnv';
 import { isAuthenticationWwwAuthenticateRequest } from './utils/isAuthenticationWwwAuthenticateRequest';
+import { isGetSubscriptionsAccountFilter, isGetSubscriptionsTenantFilter } from './utils/isGetSubscriptionsFilter';
 const EventDebounce = 5 * 1000; // 5 seconds
+let armSubs;
 /**
  * A class for obtaining Azure subscription information using VSCode's built-in authentication
  * provider.
  */
-export class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
+export class VSCodeAzureSubscriptionProvider {
     logger;
+    listenerDisposable;
     onDidSignInEmitter = new vscode.EventEmitter();
-    lastSignInEventFired = 0;
-    suppressSignInEvents = false;
     onDidSignOutEmitter = new vscode.EventEmitter();
-    lastSignOutEventFired = 0;
+    lastEventFired = 0;
+    suppressEvents = false;
+    priorAccounts;
+    accountsRemovedPromise;
     // So that customers can easily share logs, try to only log PII using trace level
     constructor(logger) {
-        const disposable = vscode.authentication.onDidChangeSessions(async (e) => {
+        this.logger = logger;
+        void this.accountsRemoved(); // Initialize priorAccounts
+    }
+    dispose() {
+        this.listenerDisposable?.dispose();
+        this.onDidSignInEmitter.dispose();
+        this.onDidSignOutEmitter.dispose();
+    }
+    onDidSignIn(callback, thisArg, disposables) {
+        this.listenIfNeeded();
+        return this.onDidSignInEmitter.event(callback, thisArg, disposables);
+    }
+    onDidSignOut(callback, thisArg, disposables) {
+        this.listenIfNeeded();
+        return this.onDidSignOutEmitter.event(callback, thisArg, disposables);
+    }
+    listenIfNeeded() {
+        if (this.listenerDisposable) {
+            return;
+        }
+        this.listenerDisposable = vscode.authentication.onDidChangeSessions(async (e) => {
             // Ignore any sign in that isn't for the configured auth provider
             if (e.provider.id !== getConfiguredAuthProviderId()) {
                 return;
             }
-            if (await this.isSignedIn()) {
-                if (!this.suppressSignInEvents && Date.now() > this.lastSignInEventFired + EventDebounce) {
-                    this.lastSignInEventFired = Date.now();
-                    this.onDidSignInEmitter.fire();
-                }
+            if (this.suppressEvents || Date.now() < this.lastEventFired + EventDebounce) {
+                return;
+            }
+            this.lastEventFired = Date.now();
+            if (!await this.accountsRemoved()) {
+                this.logger?.debug('auth: Firing onDidSignIn event');
+                this.onDidSignInEmitter.fire();
             }
-            else if (Date.now() > this.lastSignOutEventFired + EventDebounce) {
-                this.lastSignOutEventFired = Date.now();
+            else {
+                this.logger?.debug('auth: Firing onDidSignOut event');
                 this.onDidSignOutEmitter.fire();
             }
         });
-        super(() => {
-            this.onDidSignInEmitter.dispose();
-            this.onDidSignOutEmitter.dispose();
-            disposable.dispose();
-        });
-        this.logger = logger;
+    }
+    async accountsRemoved() {
+        // If there's already an ongoing accountsRemoved operation, return its result
+        if (this.accountsRemovedPromise) {
+            return this.accountsRemovedPromise;
+        }
+        // Create a new promise for this operation
+        this.accountsRemovedPromise = (async () => {
+            try {
+                this.suppressEvents = true;
+                const currentAccounts = Array.from(await vscode.authentication.getAccounts(getConfiguredAuthProviderId()));
+                const priorAccountCount = this.priorAccounts?.length ?? 0;
+                this.priorAccounts = currentAccounts;
+                // The only way a sign out happens is if an account is removed entirely from the list of accounts
+                if (currentAccounts.length === 0 || currentAccounts.length < priorAccountCount) {
+                    return true;
+                }
+                return false;
+            }
+            finally {
+                this.suppressEvents = false;
+            }
+        })();
+        try {
+            return await this.accountsRemovedPromise;
+        }
+        finally {
+            // Clear the promise when done so future calls can proceed
+            this.accountsRemovedPromise = undefined;
+        }
     }
     /**
      * Gets a list of tenants available to the user.
@@ -88,24 +138,28 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
     async getSubscriptions(filter = true) {
         this.logger?.debug('auth: Loading subscriptions...');
         const startTime = Date.now();
-        const configuredTenantFilter = await this.getTenantFilters();
-        const tenantIdsToFilterBy = 
-        // Only filter by the tenant ID option if it is provided
-        (typeof filter === 'object' && filter.tenantId ? [filter.tenantId] :
+        let tenantIdsToFilterBy;
+        if (isGetSubscriptionsTenantFilter(filter)) {
+            // Only filter by the tenant ID option if it is provided
+            tenantIdsToFilterBy = [filter.tenantId];
+        }
+        else if (filter === true) {
             // Only filter by the configured filter if `filter` is true AND there are tenants in the configured filter
-            filter === true && configuredTenantFilter.length > 0 ? configuredTenantFilter :
-                undefined);
+            const configuredTenantFilter = await this.getTenantFilters();
+            if (configuredTenantFilter.length > 0) {
+                tenantIdsToFilterBy = configuredTenantFilter;
+            }
+        }
         const allSubscriptions = [];
         let accountCount; // only used for logging
         try {
-            this.suppressSignInEvents = true;
+            this.suppressEvents = true;
             // Get the list of tenants from each account (filtered or all)
-            const accounts = typeof filter === 'object' && filter.account ? [filter.account] : await vscode.authentication.getAccounts(getConfiguredAuthProviderId());
+            const accounts = isGetSubscriptionsAccountFilter(filter) ? [filter.account] : await vscode.authentication.getAccounts(getConfiguredAuthProviderId());
             accountCount = accounts.length;
             for (const account of accounts) {
-                for (const tenant of await this.getTenants(account)) {
-                    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-                    const tenantId = tenant.tenantId;
+                const tenantIds = isGetSubscriptionsTenantFilter(filter) ? [filter.tenantId] : (await this.getTenants(account)).map(t => t.tenantId);
+                for (const tenantId of tenantIds) {
                     if (tenantIdsToFilterBy?.includes(tenantId) === false) {
                         continue;
                     }
@@ -117,12 +171,13 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
             }
         }
         finally {
-            this.suppressSignInEvents = false;
+            this.suppressEvents = false;
         }
         // It's possible that by listing subscriptions in all tenants and the "home" tenant there could be duplicate subscriptions
         // Thus, we remove duplicate subscriptions. However, if multiple accounts have the same subscription, we keep them.
+        // There are also cases where the same subscription could appear in different tenants under the same account so we also need to keep those
         const subscriptionMap = new Map();
-        allSubscriptions.forEach(sub => subscriptionMap.set(`${sub.account.id}/${sub.subscriptionId}`, sub));
+        allSubscriptions.forEach(sub => subscriptionMap.set(`${sub.account.id}/${sub.tenantId}/${sub.subscriptionId}`, sub));
         const uniqueSubscriptions = Array.from(subscriptionMap.values());
         const endTime = Date.now();
         this.logger?.debug(`auth: Got ${uniqueSubscriptions.length} subscriptions from ${accountCount} accounts in ${endTime - startTime}ms`);
@@ -178,18 +233,20 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
      */
     async signIn(tenantId, account) {
         this.logger?.debug(`auth: Signing in (account="${account?.label ?? 'none'}") (tenantId="${tenantId ?? 'none'}")`);
-        const session = await getSessionFromVSCode([], tenantId, {
-            createIfNone: true,
-            // If no account is provided, then clear the session preference which tells VS Code to show the account picker
-            clearSessionPreference: !account,
-            account,
-        });
-        return !!session;
+        try {
+            this.suppressEvents = true;
+            const session = await getSessionFromVSCode([], tenantId, {
+                createIfNone: true,
+                // If no account is provided, then clear the session preference which tells VS Code to show the account picker
+                clearSessionPreference: !account,
+                account,
+            });
+            return !!session;
+        }
+        finally {
+            this.suppressEvents = false;
+        }
     }
-    /**
-     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
-     */
-    onDidSignIn = this.onDidSignInEmitter.event;
     /**
      * Signs the user out
      *
@@ -198,10 +255,6 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
     signOut() {
         throw new Error(vscode.l10n.t('Signing out programmatically is not supported. You must sign out by selecting the account in the Accounts menu and choosing Sign Out.'));
     }
-    /**
-     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
-     */
-    onDidSignOut = this.onDidSignOutEmitter.event;
     /**
      * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
      * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
@@ -272,7 +325,7 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
      * @returns A client, the credential used by the client, and the authentication function
      */
     async getSubscriptionClient(account, tenantId, scopes) {
-        const armSubs = await import('@azure/arm-resources-subscriptions');
+        armSubs ||= await import('@azure/arm-resources-subscriptions');
         const session = await getSessionFromVSCode(scopes, tenantId, { createIfNone: false, silent: true, account });
         if (!session) {
             throw new NotSignedInError();