Linux: authentication fails on Ubuntu 22.04

[jramsay]

Does this issue occur when all extensions are disabled?: Yes

Version: 1.70.2
Commit: e4503b3
Date: 2022-08-16T05:36:25.715Z
Electron: 18.3.5
Chromium: 100.0.4896.160
Node.js: 16.13.2
V8: 10.0.139.17-electron.0
OS: Linux x64 5.15.0-27-generic snap

In the course of testing the Live Share agentless extension on Ubuntu 22.04 LTS noticed that our extension is getting stuck on signing in.

Created a basic extension using Yeoman and VS Code Extension Generator. I added the following code in activate:

Steps to Reproduce:

1. Create a basic extension and add the following:

   let session: any;
   try {
   console.log('before getSession');
   session = await vscode.authentication.getSession('github', ['read:user', 'user:email'], {createIfNone: true});
   } catch(e) {
   console.log('error');
   }
   console.log(session.accessToken);

On Linux, getSession appears to complete the full handshake with GitHub provider but it never returns a session. If I look in the Activity Bar > Accounts my GitHub account does appear to be signed in correctly.

If I do the same test on Windows a session is returned after the auth handshake.

[eddyu0]

I'm having a similar issue when trying to sign in with Github through the live share sign in command, which vscode gives this error message Signing in: Auth token returned by github provider is empty..

And the github authentication log seems to suggest it couldn't find any session.

[Info  - 15:11:32.808] Getting sessions for read:user,user:email...
[Info  - 15:11:32.809] Got 0 sessions for read:user,user:email...

I'm also on Ubuntu 22.04, and I'm suspecting upgrading to 22.04 causes this issue as it did with other issues like this one microsoft/live-share#4662

[TylerLeonhardt]

can you let me know if this works:

$ npx @emacs-grammarly/keytar-cli set-pass -s service1 -a testuser -p xxxxxx
Successfully set the creds for testuser@service1!

$ npx keytar-cli find-creds -s service1
Here are the creds for service1 [ { account: 'testuser', password: 'password' } ]

VS Code uses keytar in order to write to the keychain. This 3rd party package wraps that library in a thin CLI for easy testing. I wanna double check that keytar still works in 22.04.

[eddyu0]

@TylerLeonhardt it works for me

[jramsay]

Thanks @eddieyu1998! I'm able to successfully retrieve the session from vscode.authentication.getSession, and start a Live Share session, after installing libssl1.1 and restarting the Ubuntu 22.04 VM.

[TylerLeonhardt]

My suspicion is that this is happening in the library we use to encrypt secrets. We have been using OpenSSL 1.1.* for the longest time... but it seems Ubuntu 22.04 has removed libssl1.1 which... I would guess... is a dependency that OpenSSL 1.1.* depends on.

My thinking is that we could:

• Try to use Electron's built-in boringssl (which at the time, didn't have the APIs we use in OpenSSL)
• Try to use OpenSSL 3.0 which... I would guess... depends on libssl3.0

@deepak1556 any thoughts here?

[deepak1556]

@TylerLeonhardt I have verified the vscode-encrypt module shipped with our 1.71 stable release and the module does not dynamically link to libssl. The following output is from Ubuntu 22.04 VM, as you can see I have only libssl3 packaged installed on the system and the module test suites are run with the library shipped with our snap package.

$ ELECTRON_RUN_AS_NODE=1 ~/Downloads/electron-v19.0.12-linux-x64/electron ./node_modules/.bin/mocha test/test.js


  Encrypt
    ✓ should round trip a value
    ✓ should round trip a value with a space in it
    ✓ performs multiple encryption/decryptions in a row
    ✓ should generate serialNumber from signed executable only on windows
    ✓ should reject with error for invalid decrypt string


  5 passing (10ms)

$ ldconfig -p | grep libssl
	libssl3.so (libc6,x86-64) => /lib/x86_64-linux-gnu/libssl3.so
	libssl.so.3 (libc6,x86-64) => /lib/x86_64-linux-gnu/libssl.so.3

$ readelf -d /snap/code/106/usr/share/code/resources/app/node_modules.asar.unpacked/vscode-encrypt/build/Release/vscode-encrypt-native.node | grep NEEDED
 0x0000000000000001 (NEEDED)             Shared library: [libm.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libgcc_s.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libpthread.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]

[deepak1556]

I also did the same set of tests for keytar as well. Atleast from this, we can confirm that both native modules we have shipped are fine on Ubuntu 22.04. At this point, I think we need further investigation on VSCode core to narrow down the problematic component. Can you take over for investigating in core ? Feel free to loop me in if there are issues in the native module.

[deepak1556]

I revisited this today to repro with the steps from @jramsay. I am on Ubuntu 22.04 with wayland session and using snap install of VSCode. I was able to get the session from vscode.authentication.getSession with both stable release 1.71.2 and insiders release 1.72.0. @jramsay can you try again with latest stable or insiders to see if the issue repros. Also can you confirm what is the value for $XDG_SESSION_TYPE

[vscodenpa]

This issue has been closed automatically because it needs more information and has not had recent activity. See also our issue reporting guidelines.

Happy Coding!