Skip to content

fix(vscode): throw on missing accessToken instead of returning '******'#9417

Draft
bjbennet with Copilot wants to merge 3 commits into
mainfrom
copilot/fix-review-comment-9406
Draft

fix(vscode): throw on missing accessToken instead of returning '******'#9417
bjbennet with Copilot wants to merge 3 commits into
mainfrom
copilot/fix-review-comment-9406

Conversation

Copilot AI commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

getAuthorizationToken was silently returning '******' when no access token existed, causing callers (e.g. the periodic token refresh) to send invalid `Authorization: ****** headers to ARM.

Changes

  • getAuthorizationToken.ts: Guard against missing accessToken — throws 'No access token available. Please sign in to Azure.' instead of returning an invalid ****** Removed redundant ?. on the return path since the guard guarantees truthiness.

    // Before
    return `******; // returns "******" when no session
    
    // After
    if (!authData?.accessToken) {
      throw new Error(localize('noAccessToken', 'No access token available. Please sign in to Azure.'));
    }
    return `******;
  • __test__/getAuthorizationToken.test.ts (new): Test file from PR fix(vscode): Fix Workflow save, token persistence #9406 with the unsafe assertion fixed — the no-token case now asserts rejects.toThrow('No access token available') instead of toBe('******').

Commit Type

  • feature - New functionality
  • fix - Bug fix
  • refactor - Code restructuring without behavior change
  • perf - Performance improvement
  • docs - Documentation update
  • test - Test-related changes
  • chore - Maintenance/tooling

Risk Level

  • Low - Minor changes, limited scope
  • Medium - Moderate changes, some user impact
  • High - Major changes, significant user/system impact

What & Why

getAuthorizationToken returned '******' when no access token was available, propagating an invalid auth header to downstream ARM requests. This is a targeted fix to throw instead, surfacing the real problem early.

Impact of Change

  • Users: Auth failures now surface as a clear error rather than a silent invalid-token request.
  • Developers: Callers of getAuthorizationToken must now handle the thrown error when no session exists.
  • System: No architectural changes.

Test Plan

  • Unit tests added/updated
  • E2E tests added/updated
  • Manual testing completed
  • Tested in:

Contributors

Screenshots/Videos

Copilot AI added 2 commits July 17, 2026 21:25
Fixes review comment r3597382245 on PR #9406:
- getAuthorizationToken now throws an error when accessToken is
  undefined/empty instead of returning '******'
- Remove redundant optional chaining on the return statement
- Add test file verifying the function throws (instead of the
  previous unsafe assertion toBe('******') on line 46)
Copilot AI changed the title [WIP] Fix code based on review comment for pull request 9406 fix(vscode): throw on missing accessToken instead of returning '******' Jul 17, 2026
Copilot AI requested a review from bjbennet July 17, 2026 21:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants