Disable MSAL for unsupported web clients (microsoft#239522)

TylerLeonhardt · web-flow · commit e72728b5e8fd · 2025-02-03T14:37:15.000-08:00
Fall back to classic for unsupported web clients The actual fix to get these clients on MSAL is a little too large for a candidate: microsoft#239389 .. so for the candidate, we will simply detect this kind of client and go to the classic version of Microsoft auth. Fixes microsoft#238147
diff --git a/extensions/microsoft-authentication/src/extension.ts b/extensions/microsoft-authentication/src/extension.ts
@@ -3,7 +3,7 @@
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
 
-import { commands, env, ExtensionContext, l10n, window, workspace } from 'vscode';
+import { commands, env, ExtensionContext, l10n, UIKind, Uri, window, workspace } from 'vscode';
 import * as extensionV1 from './extensionV1';
 import * as extensionV2 from './extensionV2';
 import { createExperimentationService } from './common/experimentation';
@@ -34,11 +34,24 @@ function shouldUseMsal(expService: IExperimentationService): boolean {
 		return expValue;
 	}
 
-	Logger.info('Acquired MSAL enablement value from default. Value: false');
+	Logger.info('Acquired MSAL enablement value from default. Value: true');
 	// If no setting or experiment value is found, default to true
 	return true;
 }
 
+function isSupportedWebClient(uri: Uri): boolean {
+	return (
+		// vscode.dev & insiders.vscode.dev
+		/(?:^|\.)vscode\.dev$/.test(uri.authority) ||
+		// github.dev & codespaces
+		/(?:^|\.)github\.dev$/.test(uri.authority) ||
+		// localhost
+		/^localhost:\d+$/.test(uri.authority) ||
+		// 127.0.0.1
+		/^127\.0\.0\.1:\d+$/.test(uri.authority)
+	);
+}
+
 let useMsal: boolean | undefined;
 export async function activate(context: ExtensionContext) {
 	const mainTelemetryReporter = new MicrosoftAuthenticationTelemetryReporter(context.extension.packageJSON.aiKey);
@@ -47,6 +60,16 @@ export async function activate(context: ExtensionContext) {
 		mainTelemetryReporter,
 		env.uriScheme !== 'vscode', // isPreRelease
 	);
+
+	if (env.uiKind === UIKind.Web) {
+		const callbackUri = await env.asExternalUri(Uri.parse(`${env.uriScheme}://vscode.microsoft-authentication`));
+		if (!isSupportedWebClient(callbackUri)) {
+			Logger.info('Unsupported web client. Falling back to classic auth.');
+			await extensionV1.activate(context, mainTelemetryReporter.telemetryReporter);
+			return;
+		}
+	}
+
 	useMsal = shouldUseMsal(expService);
 	const clientIdVersion = workspace.getConfiguration('microsoft-authentication').get<'v1' | 'v2'>('clientIdVersion', 'v1');
 
