From 5021db56496d86a232d6a749864c5ae280821af1 Mon Sep 17 00:00:00 2001 From: Denis Golovin Date: Wed, 1 Jul 2026 21:26:09 -0700 Subject: [PATCH] fix: use the same scopes for auth session as other extensions Fix #773. Red Hat SSO authentication provider matches existing sessions with exactly the same scopes. Sandbox should use the same scopes as other Red Hat extensions to avoid triggering authentication dialog when there is already session created by Red Hat SSO Authentication provider triggered from different Red Hat extension. Signed-off-by: Denis Golovin --- src/extension.ts | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/extension.ts b/src/extension.ts index 2c6b90c..49a9539 100644 --- a/src/extension.ts +++ b/src/extension.ts @@ -273,9 +273,16 @@ export async function activate(extensionContext: extensionApi.ExtensionContext): } // use existing SSO session or request to login - const ssoSession = await extensionApi.authentication.getSession('redhat.authentication-provider', ['openid'], { - createIfNone: true, - }); + const ssoSession = await extensionApi.authentication.getSession( + 'redhat.authentication-provider', + [ + 'api.iam.registry_service_accounts', //scope that gives access to hydra service accounts API + 'api.console', + ], + { + createIfNone: true, + }, + ); // check Developer Sandbox status and sign up for it if possible let status: SBSignupResponse = await getDevSandboxSignUpStatus((ssoSession as any).idToken);