Fix auth

priyanshu92 · priyanshu92 · commit 9b63237be0fe · 2025-04-29T17:06:50.000+05:30
diff --git a/l10n/bundle.l10n.json b/l10n/bundle.l10n.json
@@ -135,6 +135,7 @@
   "Your preview isn't updated. Please upload your site to see the latest changes.": "Your preview isn't updated. Please upload your site to see the latest changes.",
   "Upload changes": "Upload changes",
   "The preview shown is for published changes. Please publish any pending changes to see them in the preview.": "The preview shown is for published changes. Please publish any pending changes to see them in the preview.",
+  "Please login to preview the site.": "Please login to preview the site.",
   "Enter the name of the web template": "Enter the name of the web template",
   "Please enter a name for the web template.": "Please enter a name for the web template.",
   "A webtemplate with the same name already exists. Please enter a different name.": "A webtemplate with the same name already exists. Please enter a different name.",
diff --git a/loc/translations-export/vscode-powerplatform.xlf b/loc/translations-export/vscode-powerplatform.xlf
@@ -460,6 +460,9 @@ The {3} represents Dataverse Environment's Organization ID (GUID)</note>
     <trans-unit id="++CODE++7f6276dc63b573d177b7d6e17f787b108e3c8c7d449324ac13a6d06b1be59d8e">
       <source xml:lang="en">Please enter a name for the webpage.</source>
     </trans-unit>
+    <trans-unit id="++CODE++6355962eca901310bd24d2142605263344a3f09fb4fc30fc0f9dcf4cd56bf534">
+      <source xml:lang="en">Please login to preview the site.</source>
+    </trans-unit>
     <trans-unit id="++CODE++1bac158cc07a75506df3774db0ad7c188c19ccad4943c4cf03da8b6700ef9ce4">
       <source xml:lang="en">Power Pages Copilot is now connected to the environment: {0} : {1}</source>
       <note>{0} represents the environment name</note>
@@ -795,7 +798,7 @@ The second line should be '[TRANSLATION HERE](command:microsoft.powerplatform.pa
     </trans-unit>
     <trans-unit id="pacCLI.authPanel.welcome.whenInteractiveNotSupported">
       <source xml:lang="en">No auth profiles found on this computer.
-Interactive Authentication is not availalbe for remote scenarios; auth profiles must be created by the command line.  The `--deviceCode` flow must be used for users with MFA requirements, or whose tenants use ADFS.
+Interactive Authentication is not available for remote scenarios; auth profiles must be created by the command line.  The `--deviceCode` flow must be used for users with MFA requirements, or whose tenants use ADFS.
 [View Auth Profile Help](command:pacCLI.pacAuthHelp)</source>
       <note>This is a Markdown formatted string, and the formatting must persist across translations.
 The second line should not translate the argument `--deviceCode`
diff --git a/package.nls.json b/package.nls.json
@@ -20,7 +20,7 @@
     ]
   },
   "pacCLI.authPanel.welcome.whenInteractiveNotSupported": {
-    "message": "No auth profiles found on this computer.\nInteractive Authentication is not availalbe for remote scenarios; auth profiles must be created by the command line.  The `--deviceCode` flow must be used for users with MFA requirements, or whose tenants use ADFS.\n[View Auth Profile Help](command:pacCLI.pacAuthHelp)",
+    "message": "No auth profiles found on this computer.\nInteractive Authentication is not available for remote scenarios; auth profiles must be created by the command line.  The `--deviceCode` flow must be used for users with MFA requirements, or whose tenants use ADFS.\n[View Auth Profile Help](command:pacCLI.pacAuthHelp)",
     "comment": [
       "This is a Markdown formatted string, and the formatting must persist across translations.",
       "The second line should not translate the argument `--deviceCode`",
diff --git a/src/client/extension.ts b/src/client/extension.ts
@@ -47,7 +47,8 @@ import { ActionsHub } from "./power-pages/actions-hub/ActionsHub";
 import { extractAuthInfo, extractOrgInfo } from "./power-pages/commonUtility";
 import PacContext from "./pac/PacContext";
 import ArtemisContext from "./ArtemisContext";
-import { bapServiceAuthentication } from "../common/services/AuthenticationProvider";
+import { authenticateUser } from "../common/services/AuthenticationProvider";
+import { PROVIDER_ID } from "../common/services/Constants";
 
 let client: LanguageClient;
 let _context: vscode.ExtensionContext;
@@ -67,6 +68,14 @@ export async function activate(
         "pac.userId": readUserSettings().uniqueId
     });
 
+    _context.subscriptions.push(
+        vscode.authentication.onDidChangeSessions(async (event) => {
+            if (event.provider.id === PROVIDER_ID) {
+                await authenticateUser(true);
+            }
+        })
+    );
+
     // Setup context switches
     if (
         vscode.env.remoteName === undefined ||
@@ -86,7 +95,7 @@ export async function activate(
         );
     }
 
-    await bapServiceAuthentication(); //Authentication for extension
+    await authenticateUser(); //Authentication for extension
 
     // portal web view panel
     _context.subscriptions.push(
diff --git a/src/client/power-pages/actions-hub/ActionsHubCommandHandlers.ts b/src/client/power-pages/actions-hub/ActionsHubCommandHandlers.ts
@@ -18,7 +18,7 @@ import { ServiceEndpointCategory, WebsiteDataModel } from '../../../common/servi
 import { SiteTreeItem } from './tree-items/SiteTreeItem';
 import { PreviewSite } from '../preview-site/PreviewSite';
 import { PacWrapper } from '../../pac/PacWrapper';
-import { dataverseAuthentication } from '../../../common/services/AuthenticationProvider';
+import { authenticateUser, dataverseAuthentication } from '../../../common/services/AuthenticationProvider';
 import { createAuthProfileExp } from '../../../common/utilities/PacAuthUtil';
 import { IOtherSiteInfo, IWebsiteDetails, WebsiteYaml } from '../../../common/services/Interfaces';
 import { getActiveWebsites, getAllWebsites } from '../../../common/utilities/WebsiteUtil';
@@ -199,14 +199,17 @@ export const previewSite = async (siteTreeItem: SiteTreeItem) => {
     }
 };
 
-export const createNewAuthProfile = async (pacWrapper: PacWrapper, orgUrl: string): Promise<void> => {
+export const createNewAuthProfile = async (pacWrapper: PacWrapper): Promise<void> => {
     traceInfo(Constants.EventNames.ACTIONS_HUB_CREATE_AUTH_PROFILE_CALLED, { methodName: createNewAuthProfile.name });
     try {
+        const orgUrl = PacContext.OrgInfo?.OrgUrl ?? '';
+
         // if orgUrl is present then directly call dataverseAuthentication
         if (orgUrl) {
-            await dataverseAuthentication(orgUrl, true);
+            await authenticateUser();
             return;
         }
+
         const pacAuthCreateOutput = await createAuthProfileExp(pacWrapper);
         if (pacAuthCreateOutput && pacAuthCreateOutput.Status === SUCCESS) {
             const results = pacAuthCreateOutput.Results;
diff --git a/src/client/power-pages/actions-hub/ActionsHubTreeDataProvider.ts b/src/client/power-pages/actions-hub/ActionsHubTreeDataProvider.ts
@@ -17,7 +17,7 @@ import CurrentSiteContext from "./CurrentSiteContext";
 import { IOtherSiteInfo, IWebsiteDetails } from "../../../common/services/Interfaces";
 import { orgChangeErrorEvent } from "../../OrgChangeNotifier";
 import { getBaseEventInfo } from "./TelemetryHelper";
-import { BAP_SERVICE_SCOPE_DEFAULT, PROVIDER_ID } from "../../../common/services/Constants";
+import { PROVIDER_ID } from "../../../common/services/Constants";
 
 export class ActionsHubTreeDataProvider implements vscode.TreeDataProvider<ActionsHubTreeItem> {
     private readonly _disposables: vscode.Disposable[] = [];
@@ -42,7 +42,9 @@ export class ActionsHubTreeDataProvider implements vscode.TreeDataProvider<Actio
             CurrentSiteContext.onChanged(() => this.refresh()),
 
             // Register an event listener for org change error as action hub will not be re-initialized in extension.ts
-            orgChangeErrorEvent(() => this.refresh())
+            orgChangeErrorEvent(() => this.refresh()),
+
+            vscode.authentication.onDidChangeSessions((_) => this.refresh())
         );
         this._context = context;
     }
@@ -71,16 +73,13 @@ export class ActionsHubTreeDataProvider implements vscode.TreeDataProvider<Actio
 
     private async checkAuthInfo(): Promise<boolean> {
         const authInfo = PacContext.AuthInfo;
-        const session  = await vscode.authentication.getSession(
-                    PROVIDER_ID,
-                    [BAP_SERVICE_SCOPE_DEFAULT],
-                    { silent: true }
-                );
+        const session  = await vscode.authentication.getSession(PROVIDER_ID, [], { silent: true });
+
         if (session && session.accessToken && authInfo && authInfo.OrganizationFriendlyName) {
             return true;
-        } else {
-            return false; 
         }
+
+        return false;
     }
 
     public static initialize(context: vscode.ExtensionContext, pacTerminal: PacTerminal): ActionsHubTreeDataProvider {
@@ -145,7 +144,7 @@ export class ActionsHubTreeDataProvider implements vscode.TreeDataProvider<Actio
             vscode.commands.registerCommand("microsoft.powerplatform.pages.actionsHub.activeSite.preview", previewSite),
 
             vscode.commands.registerCommand("microsoft.powerplatform.pages.actionsHub.newAuthProfile", async () => {
-                await createNewAuthProfile(pacTerminal.getWrapper(), PacContext.OrgInfo?.OrgUrl ?? '');
+                await createNewAuthProfile(pacTerminal.getWrapper());
             }),
 
             vscode.commands.registerCommand("microsoft.powerplatform.pages.actionsHub.currentActiveSite.revealInOS.windows", revealInOS),
diff --git a/src/client/power-pages/preview-site/Constants.ts b/src/client/power-pages/preview-site/Constants.ts
@@ -32,7 +32,8 @@ export const Messages = {
     UNABLE_TO_CLEAR_CACHE: vscode.l10n.t("Unable to clear cache"),
     PREVIEW_WARNING: vscode.l10n.t("Your preview isn't updated. Please upload your site to see the latest changes."),
     UPLOAD_CHANGES: vscode.l10n.t("Upload changes"),
-    PREVIEW_SHOWN_FOR_PUBLISHED_CHANGES: vscode.l10n.t("The preview shown is for published changes. Please publish any pending changes to see them in the preview.")
+    PREVIEW_SHOWN_FOR_PUBLISHED_CHANGES: vscode.l10n.t("The preview shown is for published changes. Please publish any pending changes to see them in the preview."),
+    LOGIN_REQUIRED: vscode.l10n.t("Please login to preview the site.")
 };
 
 export const Events = {
diff --git a/src/client/power-pages/preview-site/PreviewSite.ts b/src/client/power-pages/preview-site/PreviewSite.ts
@@ -239,6 +239,11 @@ export class PreviewSite {
 
                 const authResponse = await dataverseAuthentication(orgDetails.OrgUrl);
 
+                if (!authResponse) {
+                    progress.report({ message: Messages.LOGIN_REQUIRED });
+                    return;
+                }
+
                 const clearCacheResponse = await fetch(requestUrl, {
                     headers: {
                         authorization: "Bearer " + authResponse.accessToken,
diff --git a/src/common/copilot/constants.ts b/src/common/copilot/constants.ts
@@ -16,7 +16,7 @@ export const CopilotStylePathSegments = ['src', 'common', 'copilot', 'assets', '
 export const EUROPE_GEO = 'eu';
 export const UK_GEO = 'uk';
 export const COPILOT_UNAVAILABLE = 'copilotunavailable';
-export const AUTH_CREATE_MESSAGE = vscode.l10n.t('Creating new Auth Profile');
+export const AUTH_CREATE_MESSAGE = vscode.l10n.t('Creating new authentication profile');
 export const AUTH_CREATE_FAILED = vscode.l10n.t("Error creating auth profile for org")
 export const RELEVANCY_CHECK_FAILED = 'RelevancyCheckFailed';
 export const INAPPROPRIATE_CONTENT = 'InappropriateContentDetected';
diff --git a/src/common/services/AuthenticationProvider.ts b/src/common/services/AuthenticationProvider.ts
@@ -39,6 +39,7 @@ import {
 } from "./Constants";
 import jwt_decode from 'jwt-decode';
 import { showErrorDialog } from "../utilities/errorHandlerUtil";
+import { oneDSLoggerWrapper } from "../OneDSLoggerTelemetry/oneDSLoggerWrapper";
 
 const serviceScopeMapping: { [key in ServiceEndpointCategory]: string } = {
     [ServiceEndpointCategory.NONE]: "",
@@ -86,14 +87,16 @@ export async function intelligenceAPIAuthentication(sessionID: string, orgId: st
     let user = '';
     let userId = '';
     try {
-        let session = await vscode.authentication.getSession(PROVIDER_ID, [`${INTELLIGENCE_SCOPE_DEFAULT}`], { silent: true });
+        const session = await vscode.authentication.getSession(PROVIDER_ID, [`${INTELLIGENCE_SCOPE_DEFAULT}`], { silent: true });
+
         if (!session) {
-            session = await vscode.authentication.getSession(PROVIDER_ID, [`${INTELLIGENCE_SCOPE_DEFAULT}`], { createIfNone: true });
-            firstTimeAuth = true;
+            return { accessToken, user, userId };
         }
+
         accessToken = session?.accessToken ?? '';
-        user = session.account.label;
+        user = session?.account?.label ?? '';
         userId = getOIDFromToken(accessToken);
+
         if (!accessToken) {
             throw new Error(ERROR_CONSTANTS.NO_ACCESS_TOKEN);
         }
@@ -116,23 +119,17 @@ export async function dataverseAuthentication(
     let accessToken = "";
     let userId = "";
     try {
-        let session = await vscode.authentication.getSession(
+        const session = await vscode.authentication.getSession(
             PROVIDER_ID,
             [
                 `${dataverseOrgURL}${SCOPE_OPTION_DEFAULT}`,
                 `${SCOPE_OPTION_OFFLINE_ACCESS}`,
             ],
             { silent: true }
         );
+
         if (!session) {
-            session = await vscode.authentication.getSession(
-                PROVIDER_ID,
-                [
-                    `${dataverseOrgURL}${SCOPE_OPTION_DEFAULT}`,
-                    `${SCOPE_OPTION_OFFLINE_ACCESS}`,
-                ],
-                { createIfNone: true }
-            );
+            return { accessToken, userId };
         }
 
         accessToken = session?.accessToken ?? "";
@@ -259,18 +256,14 @@ export async function bapServiceAuthentication(
 ): Promise<string> {
     let accessToken = "";
     try {
-        let session = await vscode.authentication.getSession(
+        const session = await vscode.authentication.getSession(
             PROVIDER_ID,
             [BAP_SERVICE_SCOPE_DEFAULT],
             { silent: true }
         );
 
         if (!session) {
-            session = await vscode.authentication.getSession(
-                PROVIDER_ID,
-                [BAP_SERVICE_SCOPE_DEFAULT],
-                { createIfNone: true }
-            );
+            return accessToken;
         }
 
         accessToken = session?.accessToken ?? "";
@@ -321,18 +314,14 @@ export async function powerPlatformAPIAuthentication(
     let accessToken = "";
     const PPAPI_WEBSITES_ENDPOINT = serviceScopeMapping[serviceEndpointStamp];
     try {
-        let session = await vscode.authentication.getSession(
+        const session = await vscode.authentication.getSession(
             PROVIDER_ID,
             [PPAPI_WEBSITES_ENDPOINT],
             { silent: true }
         );
 
         if (!session) {
-            session = await vscode.authentication.getSession(
-                PROVIDER_ID,
-                [PPAPI_WEBSITES_ENDPOINT],
-                { createIfNone: true }
-            );
+            return accessToken;
         }
 
         accessToken = session?.accessToken ?? "";
@@ -363,3 +352,41 @@ export async function powerPlatformAPIAuthentication(
 
     return accessToken;
 }
+
+/**
+ * Authenticate the user using Microsoft as authentication provider.
+ * @param isSilent - If true, the authentication will be done silently without showing a dialog.
+ * @returns A promise that resolves when the authentication is complete.
+ *
+ */
+export async function authenticateUser(isSilent = false): Promise<void> {
+    if (isSilent) {
+        await authenticateUserInternal(false);
+    } else {
+        const isAuthenticated = await authenticateUserInternal(true);
+        if (!isAuthenticated) {
+            await authenticateUserInternal(false);
+        }
+    }
+}
+
+/**
+ * Authenticate the user using the authentication provider.
+ * @param createIfNone - If true, an authentication dialog will be shown to user.
+ * @returns A promise that resolves to true if authentication is successful, false otherwise.
+ */
+async function authenticateUserInternal(createIfNone: boolean): Promise<boolean> {
+    try {
+        const session = await vscode.authentication.getSession(PROVIDER_ID, [], { createIfNone: createIfNone });
+
+        if (session) {
+            const userId = getOIDFromToken(session.accessToken);
+            oneDSLoggerWrapper.getLogger().traceInfo("VSCodeDesktopUserAuthenticationSuccessful", { userId, createIfNone });
+            return true;
+        }
+    } catch (error) {
+        const errorMessage = error as Error;
+        oneDSLoggerWrapper.getLogger().traceError("VSCodeDesktopUserAuthenticationFailed", errorMessage.message, errorMessage, { createIfNone });
+    }
+    return false;
+}
diff --git a/src/common/utilities/WebsiteUtil.ts b/src/common/utilities/WebsiteUtil.ts
@@ -71,6 +71,11 @@ export async function getAllWebsites(orgDetails: OrgInfo): Promise<IWebsiteDetai
     const websites: IWebsiteDetails[] = [];
     try {
         const dataverseToken = (await dataverseAuthentication(orgDetails.OrgUrl ?? '', true)).accessToken;
+
+        if (!dataverseToken) {
+            throw new Error("Dataverse token is not available.");
+        }
+
         const [adxWebsiteRecords, powerPagesSiteRecords, appModules] = await Promise.all([
             getAdxWebsiteRecords(orgDetails.OrgUrl, dataverseToken),
             getPowerPagesSiteRecords(orgDetails.OrgUrl, dataverseToken),

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@`
`20`	`20`	`]`
`21`	`21`	`},`
`22`	`22`	`"pacCLI.authPanel.welcome.whenInteractiveNotSupported": {`
`23`		- "message": "No auth profiles found on this computer.\nInteractive Authentication is not availalbe for remote scenarios; auth profiles must be created by the command line. The `--deviceCode` flow must be used for users with MFA requirements, or whose tenants use ADFS.\n[View Auth Profile Help](command:pacCLI.pacAuthHelp)",
	`23`	+ "message": "No auth profiles found on this computer.\nInteractive Authentication is not available for remote scenarios; auth profiles must be created by the command line. The `--deviceCode` flow must be used for users with MFA requirements, or whose tenants use ADFS.\n[View Auth Profile Help](command:pacCLI.pacAuthHelp)",
`24`	`24`	`"comment": [`
`25`	`25`	`"This is a Markdown formatted string, and the formatting must persist across translations.",`
`26`	`26`	"The second line should not translate the argument `--deviceCode`",