microsoft · cssuh · Sep 30, 2022 · Aug 31, 2022 · Sep 6, 2022 · Sep 7, 2022
@@ -157,7 +157,7 @@ export class AzureAuthCodeGrant extends AzureAuth {
 			response_type: 'code',
 			response_mode: 'query',
 			client_id: this.clientId,
-			redirect_uri: this.redirectUri,
+			redirect_uri: `${this.redirectUri}:${serverPort}/redirect`,
 			state,
 			prompt: 'select_account',
 			code_challenge_method: 'S256',
@@ -170,7 +170,7 @@ export class AzureAuthCodeGrant extends AzureAuth {
 		return {
 			authCode,
 			codeVerifier,
-			redirectUri: this.redirectUri
+			redirectUri: `${this.redirectUri}:${serverPort}/redirect`
 		};
 
 	}
@@ -222,6 +222,21 @@ export class AzureAuthCodeGrant extends AzureAuth {
 		});
 
 		return new Promise<string>((resolve, reject) => {
+			server.on('/redirect', (req, reqUrl, res) => {
+				const state = reqUrl.query.state as string ?? '';
+				const split = state.split(',');
+				if (split.length !== 2) {
+					res.writeHead(400, { 'content-type': 'text/html' });
+					res.write(localize('azureAuth.stateError', 'Authentication failed due to a state mismatch, please close ADS and try again.'));
+					res.end();
+					reject(new Error('State mismatch'));
+					return;
+				}
+				const port = split[0];
+				res.writeHead(302, { Location: `http://127.0.0.1:${port}/callback${reqUrl.search}` });
+				res.end();
+			});
+
 			server.on('/callback', (req, reqUrl, res) => {
 				const state = reqUrl.query.state as string ?? '';
 				const code = reqUrl.query.code as string ?? '';

@@ -93,7 +93,7 @@ const publicAzureSettings: ProviderSettings = {
 				endpoint: 'https://analysis.windows.net/powerbi/api',
 				azureResourceId: AzureResource.PowerBi
 			},
-			redirectUri: 'https://vscode-redirect.azurewebsites.net/',
+			redirectUri: 'http://localhost',
 			scopes: [
 				'openid', 'email', 'profile', 'offline_access',
 				'https://management.azure.com/user_impersonation',
@@ -158,7 +158,7 @@ const usGovAzureSettings: ProviderSettings = {
 				endpoint: 'https://analysis.windows.net/powerbi/api',
 				azureResourceId: AzureResource.PowerBi
 			},
-			redirectUri: 'https://vscode-redirect.azurewebsites.net/',
+			redirectUri: 'http://localhost',
 			scopes: [
 				'openid', 'email', 'profile', 'offline_access',
 				'https://management.usgovcloudapi.net/user_impersonation'
@@ -217,7 +217,7 @@ const usNatAzureSettings: ProviderSettings = {
 				endpointSuffix: '.core.eaglex.ic.gov',
 				azureResourceId: AzureResource.AzureStorage
 			},
-			redirectUri: 'https://vscode-redirect.azurewebsites.net/',
+			redirectUri: 'http://localhost',
 			scopes: [
 				'openid', 'email', 'profile', 'offline_access',
 				'https://management.core.eaglex.ic.gov/user_impersonation'
@@ -267,7 +267,7 @@ const germanyAzureSettings: ProviderSettings = {
 				endpoint: 'https://analysis.windows.net/powerbi/api',
 				azureResourceId: AzureResource.PowerBi
 			},
-			redirectUri: 'https://vscode-redirect.azurewebsites.net/',
+			redirectUri: 'http://localhost',
 			scopes: [
 				'openid', 'email', 'profile', 'offline_access',
 				'https://management.microsoftazure.de/user_impersonation'
@@ -331,7 +331,7 @@ const chinaAzureSettings: ProviderSettings = {
 				endpoint: 'https://analysis.windows.net/powerbi/api',
 				azureResourceId: AzureResource.PowerBi
 			},
-			redirectUri: 'https://vscode-redirect.azurewebsites.net/',
+			redirectUri: 'http://localhost',
 			scopes: [
 				'openid', 'email', 'profile', 'offline_access',
 				'https://management.chinacloudapi.cn/user_impersonation'

diff --git a/extensions/microsoft-authentication/src/AADHelper.ts b/extensions/microsoft-authentication/src/AADHelper.ts
@@ -20,7 +20,7 @@ import { MicrosoftAuthenticationSession } from './microsoft-authentication';
 
 const localize = nls.loadMessageBundle();
 
-const redirectUrl = 'https://vscode-redirect.azurewebsites.net/';
+const redirectUrl = 'http://localhost/redirect';
 const loginEndpointUrl = 'https://login.microsoftonline.com/';
 const clientId = 'aebc6443-996d-45c2-90f0-388ff96faa56';
 const tenant = 'organizations';