-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v0.10.0
] Could not retrieve the token associated with Visual Studio Code. Works with v0.9.11
#443
Comments
The following process seems to work for us:
|
Hi @lippertmarkus, thanks for filing. What is the Unfortunately I'm unable to reproduce this issue after creating a sample extension and using the API in the way you described. I tried on Mac and Windows using VS Code versions 1.65.0-insider and 1.64.2 respectively. |
@wwlorey I checked a few affected users, and they all had |
Thanks, @lippertmarkus. Do you know if those users are signing in with a tenant ID other than the default? Or if they're using a cloud other than general Azure (such as Azure China or Azure Germany)? |
All affected and non-affected users are using the same tenant ID and general Azure. |
It seems like authentication information stored by |
Thanks, @GusteB that is very helpful. I filed Azure/azure-sdk-for-js#20500 to track this issue. |
@wwlorey We wanted to know if the VS Code team will be reverting back the cache name change or would you want the @azure/identity library to support both the cache locations now? We are curious because the latter is a breaking change for our library. |
Hi @KarishmaGhiya, we moved to using VS Code's secrets API for security reasons and we'd like to stick with that implementation. Is it a requirement for the identity package to read the Account Extension's cache information directly from the credentials store going forward? The extension has an API in place that I think would be a better fit for this situation. That doesn't change the fact that it would be a breaking change for @azure/identity though - apologies for that. |
@wwlorey Can you point us to the documentation on that VS Code's secrets API? Is it available publicly? |
The SecretStorage class implements it; an instance is passed in the ExtensionContext given to the extension at activation. |
|
The cache names will change based on the type of cloud environment. Here are two examples of how we use the SecretStorage API. In both cases, we just provide the environment name (which was "AzureCloud" for that user) and VS Code appears to add additional information to the cache key. That isn't something we control in the extension.
VS Code's implementation of SecretStorage dictates the exact cache key names. The only thing that would change the cache keys that the extension provides to VS Code is if the environment names for Azure clouds change again. For example: default Azure's environment name used to be "Azure" instead of "AzureCloud" (the latest name).
According to VS Code's API docs there isn't currently a way to get cache names 😕 It's possible to request that feature from the VS Code team but I don't think it would be released fast enough for a hot fix and I would wager it isn't a path they want to go down.
It looks like VS Code uses keytar under the hood for their SecretStorage. |
Here's another error resulting from this problem:
|
Hey folks - I'm having a bit of trouble following the thread :) @wwlorey -- do you all have a sense of when this will be resolved? Will it be done via an update to the Azure Account extension? |
@alex-frankel we're working with the SDK team on this and will update this thread when we have an idea of the timeline. |
Thanks all, our org just hit this as well, so we are interested in resolution. Thanks! |
Would be great if you could at least provide a way to write the legacy credentials with the old name as a workaround. The VSC Extension API versioning ( I need to tell all our users since 4 months "Please downgrade to |
Any news on this issue? Currently experiencing and i can not get around it at all. Even a downgrade on my end did nothing. |
Another bump. Behind a proxy, only work around we had is reverting Azure Account extension to 0.9.11 and 0.4.0 on the Azure Resources extension. Seems to affect other extensions too e.g. Bicep but this is as far we've got with our investigations and have reverted more or less to NOT using VS Code Azure extensions family and going for CLI commands instead. :( |
Same here as others working behind a proxy. Have not been able to sign into Azure from VS Code for months now, even with extension downgrades. Which basically means our local development of Logic Apps Standard is ended. No Azure connection -> no Logic Apps connectors -> no local designer -> no integration with VSCode or Git. We are back to working in the portal and copying and pasting json into our repos. Really marvellous. ================================================================= hope it help others... |
Hello, from the Azure SDK side, if you are using @azure/identity SDK for authentication, we recommend users to use Azure CLI for authentication as the workaround suggested in the troubleshooting guide. Let me know if you have any questions. |
@anthonywhite thank you for letting us know this workaround works for you. Just to confirm, this fix works on the latest version of the Azure Account extension? |
@alexweininger yes am using 0.11.2 |
The documentation for the workaround is entirely unclear. Could the team please provide a working example using Python showing to to authenticate using this method? |
@corytomlinson I'm not sure I understand what you're trying to do. Could you explain a bit more about your use case? Also, which workaround are you referring to? The workaround mentioned immediately above is for fixing issues with authenticated behind a proxy. |
Steps to Reproduce:
We're having a extension which uses the Azure Account Extension as a dependency. With the new version
v0.10.0
some users (but not all) in our tenant get the following error:When those users downgrade to
v0.9.11
the issue does not happen. Signing in and out again didn't help. Deleting the credentials stored in the Windows credential store also didn't.Our extension uses the following snippet to get tokens:
The text was updated successfully, but these errors were encountered: