From bbd9dbf17a617eccff1f425a486ecf6310458ddb Mon Sep 17 00:00:00 2001
From: Nathan <naturins@microsoft.com>
Date: Tue, 6 Aug 2024 10:41:58 -0700
Subject: [PATCH] auth: Add a `getSessionWithScopes` to AzureAuthentication
 (#1762)

* Add a getSessionWithScopes to AzureAuthentication

* Remove scopes as a parameter

* Bump package version

* Fix build and PR feedback

* Actually listen to PR feedback
---
 auth/package-lock.json                      |  4 +--
 auth/package.json                           |  2 +-
 auth/src/AzureAuthentication.ts             |  9 ++++++-
 auth/src/AzureDevOpsSubscriptionProvider.ts | 29 +++++++++++----------
 auth/src/VSCodeAzureSubscriptionProvider.ts |  5 +++-
 5 files changed, 30 insertions(+), 19 deletions(-)

diff --git a/auth/package-lock.json b/auth/package-lock.json
index bb437c3d8d..d517048acc 100644
--- a/auth/package-lock.json
+++ b/auth/package-lock.json
@@ -1,12 +1,12 @@
 {
     "name": "@microsoft/vscode-azext-azureauth",
-    "version": "2.4.1",
+    "version": "2.5.0",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "@microsoft/vscode-azext-azureauth",
-            "version": "2.4.1",
+            "version": "2.5.0",
             "license": "MIT",
             "dependencies": {
                 "@azure/arm-resources-subscriptions": "^2.1.0",
diff --git a/auth/package.json b/auth/package.json
index e82aff1a1b..1bfec98eb1 100644
--- a/auth/package.json
+++ b/auth/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@microsoft/vscode-azext-azureauth",
     "author": "Microsoft Corporation",
-    "version": "2.4.1",
+    "version": "2.5.0",
     "description": "Azure authentication helpers for Visual Studio Code",
     "tags": [
         "azure",
diff --git a/auth/src/AzureAuthentication.ts b/auth/src/AzureAuthentication.ts
index c1c0378087..37d34b63bb 100644
--- a/auth/src/AzureAuthentication.ts
+++ b/auth/src/AzureAuthentication.ts
@@ -9,6 +9,13 @@ import type * as vscode from 'vscode';
  * Represents a means of obtaining authentication data for an Azure subscription.
  */
 export interface AzureAuthentication {
+    /**
+     * Gets a VS Code authentication session for an Azure subscription.
+     * Always uses the default scope, `https://management.azure.com/.default/` and respects `microsoft-sovereign-cloud.environment` setting.
+     *
+     * @returns A VS Code authentication session or undefined, if none could be obtained.
+     */
+    getSession(): vscode.ProviderResult<vscode.AuthenticationSession>;
     /**
      * Gets a VS Code authentication session for an Azure subscription.
      *
@@ -16,5 +23,5 @@ export interface AzureAuthentication {
      *
      * @returns A VS Code authentication session or undefined, if none could be obtained.
      */
-    getSession(scopes?: string[]): vscode.ProviderResult<vscode.AuthenticationSession>;
+    getSessionWithScopes(scopes: string[]): vscode.ProviderResult<vscode.AuthenticationSession>;
 }
diff --git a/auth/src/AzureDevOpsSubscriptionProvider.ts b/auth/src/AzureDevOpsSubscriptionProvider.ts
index 67a5319187..d890f9cd3a 100644
--- a/auth/src/AzureDevOpsSubscriptionProvider.ts
+++ b/auth/src/AzureDevOpsSubscriptionProvider.ts
@@ -152,25 +152,26 @@ export class AzureDevOpsSubscriptionProvider implements AzureSubscriptionProvide
         }
 
         const accessToken = (await this._tokenCredential?.getToken("https://management.azure.com/.default"))?.token || '';
+        const getSession = () => {
+            return {
+                accessToken,
+                id: this._tokenCredential?.tenantId || '',
+                account: {
+                    id: this._tokenCredential?.tenantId || '',
+                    label: this._tokenCredential?.tenantId || '',
+                },
+                tenantId: this._tokenCredential?.tenantId || '',
+                scopes: scopes || [],
+            };
+        };
         return {
             client: new armSubs.SubscriptionClient(this._tokenCredential,),
             credential: this._tokenCredential,
             authentication: {
-                getSession: (_scopes: string[] | undefined) => {
-                    return {
-                        accessToken,
-                        id: this._tokenCredential?.tenantId || '',
-                        account: {
-                            id: this._tokenCredential?.tenantId || '',
-                            label: this._tokenCredential?.tenantId || '',
-                        },
-                        tenantId: this._tokenCredential?.tenantId || '',
-                        scopes: scopes || [],
-                    };
-
-                }
+                getSession,
+                getSessionWithScopes: getSession,
             }
-        };
+        }
     }
 
     public onDidSignIn: Event<void> = () => { return new Disposable(() => { /*empty*/ }) };
diff --git a/auth/src/VSCodeAzureSubscriptionProvider.ts b/auth/src/VSCodeAzureSubscriptionProvider.ts
index 8ccb775a56..9b04dbd0e2 100644
--- a/auth/src/VSCodeAzureSubscriptionProvider.ts
+++ b/auth/src/VSCodeAzureSubscriptionProvider.ts
@@ -260,7 +260,10 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable implement
             client: new armSubs.SubscriptionClient(credential, { endpoint }),
             credential: credential,
             authentication: {
-                getSession: () => session
+                getSession: () => session,
+                getSessionWithScopes: (scopes) => {
+                    return getSessionFromVSCode(scopes, tenantId, { createIfNone: false, silent: true })
+                },
             }
         };
     }