Add forceRefresh parameter to getAccessToken() for near-expiry token recovery#137
Open
jethibau-msft wants to merge 1 commit intomicrosoft:masterfrom
Open
Add forceRefresh parameter to getAccessToken() for near-expiry token recovery#137jethibau-msft wants to merge 1 commit intomicrosoft:masterfrom
jethibau-msft wants to merge 1 commit intomicrosoft:masterfrom
Conversation
The getAccessToken method now accepts an optional forceRefresh parameter which is forwarded to the host frame via XDM. This allows the host to return a fresh token instead of a cached one when requested. This change enables the token refresh flow that IAuthorizationTokenProvider defines (via its forceRefresh parameter on getAuthorizationHeader) but was never wired through to the actual token acquisition. Background: ADO services reject access tokens that are within ~5 minutes of expiry. Extensions using SDK.getAccessToken() have no way to request a fresh token when the host returns a near-expiry cached token. This change enables that flow (pending host-side support for the parameter). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Author
|
@microsoft-github-policy-service agree company="Microsoft" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
SDK.getAccessToken()has no way to request a fresh token from the host. TheIAuthorizationTokenProviderinterface inazure-devops-extension-apialready definesforceRefresh?: booleanongetAuthorizationHeader(), butgetAccessToken()never accepted or forwarded this parameter.Fix
Add an optional
forceRefreshparameter togetAccessToken()and forward it to the host via XDM:This is a backwards-compatible change — existing callers with no arguments are unaffected. The host-side
DevOps.HostControlhandler would also need to honor the parameter for the full flow to work.Companion PR
The
azure-devops-extension-apialso has two bugs (broken 401 retry + default auth provider ignoringforceRefresh): microsoft/azure-devops-extension-api#187Impact
Every ADO web extension using
SDK.getAccessToken()orgetClient()is affected during long-running sessions when tokens approach expiry.