From 8d49b15b5375a70cb2fb9770b7a094ea21144514 Mon Sep 17 00:00:00 2001
From: Cheena Malhotra <13396919+cheenamalhotra@users.noreply.github.com>
Date: Thu, 23 Mar 2023 21:01:03 -0700
Subject: [PATCH] Skip forceRefresh for full (owning) tenant (#22421)
---
 extensions/azurecore/src/account-provider/auths/azureAuth.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/extensions/azurecore/src/account-provider/auths/azureAuth.ts b/extensions/azurecore/src/account-provider/auths/azureAuth.ts
index a96ca1b9f8..464bfee415 100644
--- a/extensions/azurecore/src/account-provider/auths/azureAuth.ts
+++ b/extensions/azurecore/src/account-provider/auths/azureAuth.ts
@@ -349,13 +349,14 @@ export abstract class AzureAuth implements vscode.Disposable {
 }
 // construct request
- // forceRefresh needs to be set true here in order to fetch the correct token, due to this issue
+ // forceRefresh needs to be set true here in order to fetch the correct token for non-full tenants, due to this issue
 // https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/3687
 const tokenRequest = {
 account: account,
 authority: `${this.loginEndpointUrl}${tenantId}`,
 scopes: newScope,
- forceRefresh: true
+ // Force Refresh when tenant is NOT full tenant or organizational id that this account belongs to.
+ forceRefresh: tenantId !== account.tenantId
 };
 try {
 return await this.clientApplication.acquireTokenSilent(tokenRequest);
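Review bot: The comment above `forceRefresh: tenantId !== account.tenantId` relies on the term "full tenant" without defining it, and does not say what `account.tenantId` is assumed to hold, even though this comparison now decides whether `acquireTokenSilent` may return a cached token at all (the wrong-tenant case described in the linked MSAL issue). I would reword it to `// Force a refresh unless the requested tenant is the account's own (home) tenant; only that tenant's cached token is safe to reuse.` A second comment line should note that the check is an exact string match, so a tenant id supplied in a different form or letter case, or a missing `account.tenantId`, falls back to a forced refresh, which is the safe direction. Whether `account.tenantId` is always the home tenant cannot be confirmed from this hunk, and the `try` block continues outside it.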