Skip forceRefresh for full (owning) tenant (#22421)

2026-02-07 01:25:38 -05:00 · 2023-03-23 21:01:03 -07:00
parent dfc6469c9d
commit 8d49b15b53
1 changed files with 3 additions and 2 deletions
--- a/extensions/azurecore/src/account-provider/auths/azureAuth.ts
+++ b/extensions/azurecore/src/account-provider/auths/azureAuth.ts
@@ -349,13 +349,14 @@ export abstract class AzureAuth implements vscode.Disposable {
 		}

 		// construct request
-		// forceRefresh needs to be set true here in order to fetch the correct token, due to this issue
+		// forceRefresh needs to be set true here in order to fetch the correct token for non-full tenants, due to this issue
 		// https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/3687
 		const tokenRequest = {
 			account: account,
 			authority: `${this.loginEndpointUrl}${tenantId}`,
 			scopes: newScope,
-			forceRefresh: true
+			// Force Refresh when tenant is NOT full tenant or organizational id that this account belongs to.
+			forceRefresh: tenantId !== account.tenantId
 		};
 		try {
 			return await this.clientApplication.acquireTokenSilent(tokenRequest);