Apply vscode Authentication plugin API

[vinokurig]

What it does

Apply vscode Authentication plugin API: https://github.com/microsoft/vscode/blob/ab42ffc44c709aded523b15399a070ae8c724824/src/vs/vscode.proposed.d.ts#L98-L131

Related CQ: https://dev.eclipse.org/ipzilla/show_bug.cgi?id=22526

How to test

1. Download the sample plugin or clone and compile the sample project: https://github.com/vinokurig/authentication.git
2. Start the hosted plugin
3. Click the Accounts icon in the left bottom side and see:
   
4. Run F1 => Authentication Sign in command and click Allow:
   
   see the token message:
   
5. Sign out from the account with the help of the account menu:
   
   
   
6. Click the Accounts icon and see the login item:
   
   Click the login item and the token notification must appear:
   
7. Run F1 => Authentication Sign in command and see:
   

vscode has manage trusted extensions feature that was not implemented because it requires quick-pick with multi-select: #5673

Review checklist

• as an author, I have thoroughly tested my changes and carefully followed the review guidelines

Reminder for reviewers

• as a reviewer, I agree to behave in accordance with the review guidelines

[akosyakov]

I don't have time to review it. @azatsarynnyy @tsmaeder @benoitf Could someone to take it over?

Important concerns here:

• security: probably extension should no easy grab any session, but there should be some actions from users to grant permissions. We should check with VS Code how it works and enforced.
• extensibility: When we integrate authentication within other products there should be a way to register providers from Theia extensions, i.e. imagine user token in Gitpod (it does not come from VS Code extension). Probably there is something like that in Che too.

[akosyakov]

#8372 brings abilities to add menus at the bottom of the left side bar. In VS Code there are commands to manage accounts, as well as menu items including in the left side bar. Should not this PR cover it as well?

[vinokurig]

@akosyakov
We can add those actions in the next iteration as an improvements after the new menu items PR is merged.

[vinokurig]

#8372 is merged so I'll try to port the authentication actions from vscode in this PR

[azatsarynnyy]

Thanks for providing the test plugin!

I'm testing it using the provided plugin and I see an empty row in the quick pick at step 5:

After choosing it nothing happens.

[akosyakov]

#8372 is merged so I'll try to port the authentication actions from vscode in this PR

@vinokurig I am fine with another PR too if this PR is complete in some sense.

Could you elaborate please?

• How it is ensured that an arbitrary VS Code extension cannot access an arbitrary token?
• How one can add a custom provider via Theia extension, i.e. if my product already does authentication with GitHub and I would like to provide a token to VS Code extensions.

Rather than that please rely on @azatsarynnyy for the approve.

[vinokurig]

@azatsarynnyy I've updated the test plugin and the how to test section` according to the new left bottom menu actions, so now the quick pick should show correct items.

[vinokurig]

@tsmaeder I've fixed all your comments, could you please review the PR again?

[azatsarynnyy]

It seems something wrong with Sign out dialog.

It's different in the provided How to test section.

Other steps work well.

[vinokurig]

@azatsarynnyy Thank you for finding this bug, looks like my browser have cached this data. I was able to reproduce it in incognito mode. I've fixed it in my last commit.

[vinokurig]

@tsmaeder Could you please review this PR again?

[vinokurig]

@tsmaeder @azatsarynnyy I've fixed all your comments, could you please review this PR again?

[azatsarynnyy]

LGTM

[vinokurig]

@tsmaeder any updates?

All comments have been addressed, but I can't approve, since I didn't test the code.

[vinokurig]

@akosyakov @westbury is it OK to merge?

[akosyakov]

yes, please clean up the history before