Refresh auth tokens when server returns 401, fixes microsoft#89629

Rachel Macfarlane · Rachel Macfarlane · commit df3ae4adefbb · 2020-02-18T10:46:49.000-08:00
diff --git a/extensions/vscode-account/src/AADHelper.ts b/extensions/vscode-account/src/AADHelper.ts
@@ -21,6 +21,7 @@ interface IToken {
 	accessToken?: string; // When unable to refresh due to network problems, the access token becomes undefined
 
 	expiresIn?: string; // How long access token is valid, in seconds
+	expiresAt?: number; // UNIX epoch time at which token will expire
 	refreshToken: string;
 
 	accountName: string;
@@ -183,12 +184,33 @@ export class AzureActiveDirectoryService {
 	private convertToSession(token: IToken): vscode.AuthenticationSession {
 		return {
 			id: token.sessionId,
-			accessToken: () => !token.accessToken ? Promise.reject('Unavailable due to network problems') : Promise.resolve(token.accessToken),
+			accessToken: () => this.resolveAccessToken(token),
 			accountName: token.accountName,
 			scopes: token.scope.split(' ')
 		};
 	}
 
+	private async resolveAccessToken(token: IToken): Promise<string> {
+		if (token.accessToken && (!token.expiresAt || token.expiresAt > Date.now())) {
+			Logger.info('Token available from cache');
+			return Promise.resolve(token.accessToken);
+		}
+
+		try {
+			Logger.info('Token expired or unavailable, trying refresh');
+			const refreshedToken = await this.refreshToken(token.refreshToken, token.scope);
+			if (refreshedToken.accessToken) {
+				Promise.resolve(token.accessToken);
+			} else {
+				throw new Error();
+			}
+		} catch (e) {
+			throw new Error('Unavailable due to network problems');
+		}
+
+		throw new Error('Unavailable due to network problems');
+	}
+
 	private getTokenClaims(accessToken: string): ITokenClaims {
 		try {
 			return JSON.parse(Buffer.from(accessToken.split('.')[1], 'base64').toString());
@@ -374,6 +396,7 @@ export class AzureActiveDirectoryService {
 		const claims = this.getTokenClaims(json.access_token);
 		return {
 			expiresIn: json.expires_in,
+			expiresAt: Date.now() + json.expires_in * 1000,
 			accessToken: json.access_token,
 			refreshToken: json.refresh_token,
 			scope,
diff --git a/src/vs/platform/userDataSync/common/userDataAuthTokenService.ts b/src/vs/platform/userDataSync/common/userDataAuthTokenService.ts
@@ -14,6 +14,9 @@ export class UserDataAuthTokenService extends Disposable implements IUserDataAut
 	private _onDidChangeToken: Emitter<string | undefined> = this._register(new Emitter<string | undefined>());
 	readonly onDidChangeToken: Event<string | undefined> = this._onDidChangeToken.event;
 
+	private _onTokenFailed: Emitter<void> = this._register(new Emitter<void>());
+	readonly onTokenFailed: Event<void> = this._onTokenFailed.event;
+
 	private _token: string | undefined;
 
 	constructor() {
@@ -30,4 +33,8 @@ export class UserDataAuthTokenService extends Disposable implements IUserDataAut
 			this._onDidChangeToken.fire(token);
 		}
 	}
+
+	sendTokenFailed(): void {
+		this._onTokenFailed.fire();
+	}
 }
diff --git a/src/vs/platform/userDataSync/common/userDataSync.ts b/src/vs/platform/userDataSync/common/userDataSync.ts
@@ -308,9 +308,11 @@ export interface IUserDataAuthTokenService {
 	_serviceBrand: undefined;
 
 	readonly onDidChangeToken: Event<string | undefined>;
+	readonly onTokenFailed: Event<void>;
 
 	getToken(): Promise<string | undefined>;
 	setToken(accessToken: string | undefined): Promise<void>;
+	sendTokenFailed(): void;
 }
 
 export const IUserDataSyncLogService = createDecorator<IUserDataSyncLogService>('IUserDataSyncLogService');
diff --git a/src/vs/platform/userDataSync/common/userDataSyncIpc.ts b/src/vs/platform/userDataSync/common/userDataSyncIpc.ts
@@ -96,6 +96,7 @@ export class UserDataAuthTokenServiceChannel implements IServerChannel {
 	listen(_: unknown, event: string): Event<any> {
 		switch (event) {
 			case 'onDidChangeToken': return this.service.onDidChangeToken;
+			case 'onTokenFailed': return this.service.onTokenFailed;
 		}
 		throw new Error(`Event not found: ${event}`);
 	}
diff --git a/src/vs/platform/userDataSync/common/userDataSyncStoreService.ts b/src/vs/platform/userDataSync/common/userDataSyncStoreService.ts
@@ -133,6 +133,7 @@ export class UserDataSyncStoreService extends Disposable implements IUserDataSyn
 		}
 
 		if (context.res.statusCode === 401) {
+			this.authTokenService.sendTokenFailed();
 			throw new UserDataSyncStoreError(`Request '${options.url?.toString()}' failed because of Unauthorized (401).`, UserDataSyncErrorCode.Unauthorized, source);
 		}
 
diff --git a/src/vs/workbench/contrib/userDataSync/browser/userDataSync.ts b/src/vs/workbench/contrib/userDataSync/browser/userDataSync.ts
@@ -122,6 +122,7 @@ export class UserDataSyncWorkbenchContribution extends Disposable implements IWo
 			this.onDidChangeEnablement(this.userDataSyncEnablementService.isEnabled());
 			this._register(Event.debounce(userDataSyncService.onDidChangeStatus, () => undefined, 500)(() => this.onDidChangeSyncStatus(this.userDataSyncService.status)));
 			this._register(userDataSyncService.onDidChangeConflicts(() => this.onDidChangeConflicts(this.userDataSyncService.conflictsSources)));
+			this._register(this.userDataAuthTokenService.onTokenFailed(_ => this.authenticationService.getSessions(this.userDataSyncStore!.authenticationProviderId)));
 			this._register(this.userDataSyncEnablementService.onDidChangeEnablement(enabled => this.onDidChangeEnablement(enabled)));
 			this._register(this.authenticationService.onDidRegisterAuthenticationProvider(e => this.onDidRegisterAuthenticationProvider(e)));
 			this._register(this.authenticationService.onDidUnregisterAuthenticationProvider(e => this.onDidUnregisterAuthenticationProvider(e)));
diff --git a/src/vs/workbench/services/userDataSync/electron-browser/userDataAuthTokenService.ts b/src/vs/workbench/services/userDataSync/electron-browser/userDataAuthTokenService.ts
@@ -18,11 +18,15 @@ export class UserDataAuthTokenService extends Disposable implements IUserDataAut
 	private _onDidChangeToken: Emitter<string | undefined> = this._register(new Emitter<string | undefined>());
 	readonly onDidChangeToken: Event<string | undefined> = this._onDidChangeToken.event;
 
+	private _onTokenFailed: Emitter<void> = this._register(new Emitter<void>());
+	readonly onTokenFailed: Event<void> = this._onTokenFailed.event;
+
 	constructor(
 		@ISharedProcessService sharedProcessService: ISharedProcessService,
 	) {
 		super();
 		this.channel = sharedProcessService.getChannel('authToken');
+		this._register(this.channel.listen<void[]>('onTokenFailed')(_ => this.sendTokenFailed()));
 	}
 
 	getToken(): Promise<string | undefined> {
@@ -32,6 +36,10 @@ export class UserDataAuthTokenService extends Disposable implements IUserDataAut
 	setToken(token: string | undefined): Promise<undefined> {
 		return this.channel.call('setToken', token);
 	}
+
+	sendTokenFailed(): void {
+		this._onTokenFailed.fire();
+	}
 }
 
 registerSingleton(IUserDataAuthTokenService, UserDataAuthTokenService);

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,9 @@ export class UserDataAuthTokenService extends Disposable implements IUserDataAut`
`14`	`14`	`private _onDidChangeToken: Emitter<string \| undefined> = this._register(new Emitter<string \| undefined>());`
`15`	`15`	`readonly onDidChangeToken: Event<string \| undefined> = this._onDidChangeToken.event;`
`16`	`16`
	`17`	`+ private _onTokenFailed: Emitter<void> = this._register(new Emitter<void>());`
	`18`	`+ readonly onTokenFailed: Event<void> = this._onTokenFailed.event;`
	`19`	`+`
`17`	`20`	`private _token: string \| undefined;`
`18`	`21`
`19`	`22`	`constructor() {`
`@@ -30,4 +33,8 @@ export class UserDataAuthTokenService extends Disposable implements IUserDataAut`
`30`	`33`	`this._onDidChangeToken.fire(token);`
`31`	`34`	`}`
`32`	`35`	`}`
	`36`	`+`
	`37`	`+ sendTokenFailed(): void {`
	`38`	`+ this._onTokenFailed.fire();`
	`39`	`+ }`
`33`	`40`	`}`
Original file line number	Diff line number	Diff line change
`@@ -308,9 +308,11 @@ export interface IUserDataAuthTokenService {`
`308`	`308`	`_serviceBrand: undefined;`
`309`	`309`
`310`	`310`	`readonly onDidChangeToken: Event<string \| undefined>;`
	`311`	`+ readonly onTokenFailed: Event<void>;`
`311`	`312`
`312`	`313`	`getToken(): Promise<string \| undefined>;`
`313`	`314`	`setToken(accessToken: string \| undefined): Promise<void>;`
	`315`	`+ sendTokenFailed(): void;`
`314`	`316`	`}`
`315`	`317`
`316`	`318`	`export const IUserDataSyncLogService = createDecorator<IUserDataSyncLogService>('IUserDataSyncLogService');`
Original file line number	Diff line number	Diff line change
`@@ -96,6 +96,7 @@ export class UserDataAuthTokenServiceChannel implements IServerChannel {`
`96`	`96`	`listen(_: unknown, event: string): Event<any> {`
`97`	`97`	`switch (event) {`
`98`	`98`	`case 'onDidChangeToken': return this.service.onDidChangeToken;`
	`99`	`+ case 'onTokenFailed': return this.service.onTokenFailed;`
`99`	`100`	`}`
`100`	`101`	throw new Error(`Event not found: ${event}`);
`101`	`102`	`}`
Original file line number	Diff line number	Diff line change
`@@ -133,6 +133,7 @@ export class UserDataSyncStoreService extends Disposable implements IUserDataSyn`
`133`	`133`	`}`
`134`	`134`
`135`	`135`	`if (context.res.statusCode === 401) {`
	`136`	`+ this.authTokenService.sendTokenFailed();`
`136`	`137`	throw new UserDataSyncStoreError(`Request '${options.url?.toString()}' failed because of Unauthorized (401).`, UserDataSyncErrorCode.Unauthorized, source);
`137`	`138`	`}`
`138`	`139`