Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow multiple AAD app connections in VS Code #240612

Closed
angelasu1 opened this issue Feb 13, 2025 · 6 comments
Closed

Allow multiple AAD app connections in VS Code #240612

angelasu1 opened this issue Feb 13, 2025 · 6 comments
Assignees
@TylerLeonhardt
Labels
info-needed Issue requires more information from poster

Comments

@angelasu1
Copy link

I have 2 AAD apps with different permissions. I need to sign in to both apps on VS Code using the same credentials, however once I'm signed in with one, then I'm unable to sign in to the other application using the same credentials.

Is there already a way to sign in to multiple AAD apps with the same account, and if not, is this something that can be supported?

Thanks!
@TylerLeonhardt
Copy link
Member

Can you tell me more about how you're requesting the sign in for each of these and what you see that leads you to be "unable to sign in"?

You should be able to do this... so I'm trying to understand where this is going wrong.

@TylerLeonhardt TylerLeonhardt added the info-needed Issue requires more information from poster label Feb 14, 2025
@angelasu1
Copy link
Author

Thanks for the response.

The sign ins are happening via a VS Code extension. The extension is trying to use the vscode.authentication.getSession() twice, for two different sets of scopes. However, after signing in to the first AAD app, I never get asked to sign in a second time, so I never get the permissions I need from the second AAD app.

I'm guessing the reason is that I've already signed into my Microsoft account for the first AAD app, and the second one is attempting to reuse it, but it's failing because the scopes are different?

@TylerLeonhardt
Copy link
Member

If this extension wants to use two different accounts for these scopes, the should use either:

{ createIfNone: true, clearSessionPreference: true }

Or

{ forceNewSession: true }

Which will allow you to use a different account for that request

@angelasu1
Copy link
Author

Thanks Tyler for this explanation.
For both of the apps, I am actually signing into the same account (different AAD apps, but same Microsoft account). Is there any way the extension can automatically know that I have already signed in and reuse my account credentials for the second session, instead of creating a new session and signing in twice?

@TylerLeonhardt
Copy link
Member

This is possible but your app has to use the same client id & tenant... it can request other scopes or resources:

const session1 = await authentication.getSession('microsoft', [ARM_SCOPE_URL], {createIfNone: true})
const session2 = await authentication.getSession('microsoft', ['User.Read'], {silent: true})

This will get you back 2 sessions. One using the ARM resource, the other a Graph resource. You should only get one auth prompt.

@vs-code-engineering VS Code Engineering
Copy link

This issue has been closed automatically because it needs more information and has not had recent activity. See also our issue reporting guidelines.

Happy Coding!

@vs-code-engineering vs-code-engineering bot closed this as not planned Won't fix, can't repro, duplicate, stale Feb 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TylerLeonhardt TylerLeonhardt

Labels
info-needed Issue requires more information from poster
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@TylerLeonhardt @angelasu1