Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect behavior of granting access for the extension to existing authentication session using Manage Trusted Extensions functionality #227694

Open
AnnaSalata opened this issue Sep 5, 2024 · 2 comments
Open

Incorrect behavior of granting access for the extension to existing authentication session using Manage Trusted Extensions functionality #227694

AnnaSalata opened this issue Sep 5, 2024 · 2 comments
Assignees
@TylerLeonhardt
Labels
authentication Issues with the Authentication platform bug Issue identified by VS Code Team member as probable bug
Milestone
Backlog

Comments

@AnnaSalata
Copy link

Does this issue occur when all extensions are disabled?: This issue occurs with VS Code functionality FOR the extensions.

  • VS Code Version: 1.92.2
  • OS Version: macOS 13.6.8

Steps to Reproduce:

  1. Create an extension with AuthenticationProvider, based on the sample: https://github.com/microsoft/vscode-extension-samples/blob/main/authenticationprovider-sample/src/authProvider.ts
  2. Sign in, using credentials.
  3. Go to Accounts -> extension's account -> Manage Trusted Extensions:
image
  1. Observe the list of trusted extensions for the selected account:
image
  1. Uncheck the extension from the list of trusted and press OK:
image
  1. Observe an event is fired inside vscode.authentication.onDidChangeSessions subscription and method await vscode.authentication.getSession(MyAuthenticationProvider.id, [], { createIfNone: false }) returns undefined:
image
  1. Observe the option Grant access to {Auth Provider} for {Extension}... (1) appeared under the Accounts menu:
image
  1. Select Accounts -> Grant access to {Auth Provider} for {Extension}... (1)
  2. Observe a confirmation popup and press Allow:
image
  1. Observe an event is fired inside vscode.authentication.onDidChangeSessions subscription and method await vscode.authentication.getSession(MyAuthenticationProvider.id, [], { createIfNone: false }) returns session:
image
  1. Observe Grant access to My Provider for My Extension... (1) is no longer exists in the Accounts menu:
image
  1. Repeat steps 3 - 7 for removing the extension from the list of trusted extensions again.
  2. Navigate to Accounts -> extension's account -> Manage Trusted Extensions
  3. Check the extension as trusted and press OK:
image
  1. An event is fired inside vscode.authentication.onDidChangeSessions subscription and method await vscode.authentication.getSession(MyAuthenticationProvider.id, [], { createIfNone: false }) returns session:
image

Actual Result:

Grant access to My Provider for My Extension... (1) is still available in the Accounts menu, even though access has been granted:
image

Expected Result:

  • Grant access to My Provider for My Extension... (1) should NOT be available in the Accounts menu.

Consequences:

Since VS Code doesn’t provide a direct API to detect when the extension is checked/unchecked in the "Manage Trusted Extensions" dialog, it is impossible to work with authentication correctly.
While both, user account and Grant access to My Provider for My Extension... (1) are available in the Accounts menu, it allows the possibility to sign in under two accounts, even if { supportsMultipleAccounts: false } was passed during registering the Authentication Provider, using

context.subscriptions.push(
    vscode.authentication.registerAuthenticationProvider(
      'myCustomProvider',
      'My Provider,
      new MyAuthenticationProvider (context.secrets),
      { supportsMultipleAccounts: false },
    ),
  );

To reproduce this behavior follow these steps:

  1. Navigate to Accounts -> account -> Sign Out
  2. Observe Sign In with My Provider to use My Extension (1) appeared in the Accounts menu
  3. Sign in, using another account
  4. Observe new user account appeared in the Account menu.
  5. Press Grant access to My Provider for My Extension... (1)
  6. Observe both, previous and new account for the same extension presented in the Accounts menu.
@TylerLeonhardt
Copy link
Member

You basically want this: #104008

but this bug can track the fact that, yes, if you grant access via the Trusted Extensions quick pick, it should clean up any account menus.

@TylerLeonhardt TylerLeonhardt added bug Issue identified by VS Code Team member as probable bug authentication Issues with the Authentication platform labels Sep 25, 2024
@TylerLeonhardt TylerLeonhardt added this to the Backlog milestone Sep 25, 2024
@AnnaSalata
Copy link
Author

You basically want this: #104008

but this bug can track the fact that, yes, if you grant access via the Trusted Extensions quick pick, it should clean up any account menus.

Well yes, I think there should be at least one option available here: an api providing possiblity to track when access is granted/revoked, as described in #104008, or Accounts menu item Grant access to My Provider for My Extension... (1) should work correctly and disappear from menu when user grants access directly or indirectly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TylerLeonhardt TylerLeonhardt

Labels
authentication Issues with the Authentication platform bug Issue identified by VS Code Team member as probable bug
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
3 participants
@TylerLeonhardt @AnnaSalata and others