Allow multiple AAD app connections in VS Code

[angelasu1]

I have 2 AAD apps with different permissions. I need to sign in to both apps on VS Code using the same credentials, however once I'm signed in with one, then I'm unable to sign in to the other application using the same credentials.

Is there already a way to sign in to multiple AAD apps with the same account, and if not, is this something that can be supported?

Thanks!

[TylerLeonhardt]

Can you tell me more about how you're requesting the sign in for each of these and what you see that leads you to be "unable to sign in"?

You should be able to do this... so I'm trying to understand where this is going wrong.

[angelasu1]

Thanks for the response.

The sign ins are happening via a VS Code extension. The extension is trying to use the vscode.authentication.getSession() twice, for two different sets of scopes. However, after signing in to the first AAD app, I never get asked to sign in a second time, so I never get the permissions I need from the second AAD app.

I'm guessing the reason is that I've already signed into my Microsoft account for the first AAD app, and the second one is attempting to reuse it, but it's failing because the scopes are different?

[TylerLeonhardt]

If this extension wants to use two different accounts for these scopes, the should use either:

{ createIfNone: true, clearSessionPreference: true }

Or

{ forceNewSession: true }

Which will allow you to use a different account for that request

[angelasu1]

Thanks Tyler for this explanation.
For both of the apps, I am actually signing into the same account (different AAD apps, but same Microsoft account). Is there any way the extension can automatically know that I have already signed in and reuse my account credentials for the second session, instead of creating a new session and signing in twice?

[TylerLeonhardt]

This is possible but your app has to use the same client id & tenant... it can request other scopes or resources:

const session1 = await authentication.getSession('microsoft', [ARM_SCOPE_URL], {createIfNone: true})
const session2 = await authentication.getSession('microsoft', ['User.Read'], {silent: true})

This will get you back 2 sessions. One using the ARM resource, the other a Graph resource. You should only get one auth prompt.

[vs-code-engineering]

This issue has been closed automatically because it needs more information and has not had recent activity. See also our issue reporting guidelines.

Happy Coding!