✨ Microsoft Entra Account MFA in VSCode AP

[coau]

Describe the feature request.

I want to be able to successfully add Microsoft Entra Account in VSCode AP

Describe the context.

I am trying to connect to an Microsoft SQL Database through VSCode using the mssql extension, and it requires Entra ID with MFA Auth, which I cannot add my justice.gov.uk 365 account to.

I tried to connect to the SQL Server in Azure using mssql extension. As part of authentication the extension navigates to the localhost link like http://localhost:42321/signin?nonce=eb6ac82c-7e4e-4461-89d3-fe41d8308312. However, this localhost is resolved to the browser context, not the vscode host context.

I was able to trick the VSCode by manually copy pasting responses between the VSCode and my DOM1 browser.

1. Try to authenticate in VSCode
2. VSCode navigates to localhost
3. Use python requests to get HTML page from that link
4. Copy paste the HTML to DOM1, login there
5. DOM1 browser navigates again to localhost, copy the link
6. Evaluate the new link in VSCode again

After this procedure the Entra Account appers to be added, but I cannot login as I get the following error:

User account not found in MSAL cache, please add linked account or refresh account credentials.

Value / Purpose

The value is being able to connect to the Microsoft SQL Database using Entra ID MFA

User Types

Analysts

[coau]

An update, I was able to resolve this by changing the Azure Active Directory setting in the mssql extension setting to DeviceCode

It appears to work in this case, which is good but I have hit other problems :(

First (and rather obvious) problem, what happens if extension has an authentication that uses localhost but no setting to toggle? Answer: It will not work. I've done some research and I don't think there is any obvious solution, and you either have to hope that developer of the extension implements a different authentication method, or you have to use desktop VSCode.

Second problem, and AP specific, it appears that VSCode is hosted in Ireland? Is that right?

In summary, the original problem is resolved now, but I am not sure if it's a good solution. Happy to close this issue if nobody else sees any value in exploring this further

[Ed-Bajo]

The Visual Studio code is new offering on the Analytical Platform and we currently do not support adding add Microsoft Entra Account in VSCode.

We understand your desire to use this functionality, and will be looking to investigate feature requests such as this in due time once the product is more mature. With that said, we will certainly not prevent you from investigating this yourself, but do so with knowledge that any issues you find that aren't due to core functionality of VS Code will not be issues we can help you with.

We note the behaviour around localhost you experienced here however, and will be raising a bug ticket around this issue seen with loopbacks. Although this will not resolve your feature request, it should make your life somewhat easier once fixed.