Implement Microsoft Account authentication for Azure DevOps with PAT fallback

[Copilot]

• Analyze existing authentication modal implementation
• Improve getAzureDevOpsConnection in azDevOpsUtils.ts:
  • Use createIfNone: false for silent MS auth check initially (no unnecessary sign-in prompts)
  • Replace long warning message string with proper { modal: true } dialog
  • Add detail property for context, clearer button labels ("Sign In with Microsoft Account" / "Configure PAT Token")
  • Cleaner, concise error messages when dismissed
• Replace console.warn with logInfo in work item and PR functions
• Remove unused imports (log from "console", getPersonalAccessTokenHandler/getBearerHandler in PR file)
• Build & lint verified — no errors
• Code review passed — no issues found
• CodeQL security scan — 0 alerts

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

[Copilot]

Pull Request Overview

This PR introduces a tiered authentication flow for Azure DevOps in the VOCE-DevOps VS Code extension, using VS Code’s Microsoft Account authentication as the primary method and falling back to PAT tokens. It updates core API connection functions, adds the Microsoft auth provider to package.json, enhances user prompts, updates documentation, and provides tests for the new flow.

• Added Microsoft auth provider and scopes in package.json
• Updated getAzureDevOpsConnection and getAzureDevOpsApi to try Microsoft authentication first, then PAT
• Enhanced docs in docs/ and added a test covering the authentication fallback

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
src/azd/workitems/azDevOpsWorkItemFunctions.ts	Added Microsoft auth logic with PAT fallback and updated prompts
src/azd/pullrequests/azDevOpsPullrequestFunctions.ts	Mirrored the new authentication pattern for PR API calls
src/azd/azd.ts	Cleaned up placeholder comments, noted centralized auth handling
src-tests/authenticationTest.ts	Added a test for the authentication flow
package.json	Registered the microsoft auth provider and required scopes
docs/AZURE_DEVOPS_WORKITEMS.md	Updated work item docs to cover multi-method authentication
docs/AZURE_DEVOPS_API_SETUP.md	Expanded API setup docs to include Microsoft auth instructions

Comments suppressed due to low confidence (1)

src-tests/authenticationTest.ts:14

• The current test only covers the scenario where no Microsoft session exists and no PAT is configured. Add tests for successful Microsoft authentication (createIfNone=true) and for a valid PAT path to ensure all branches of the auth flow are exercised.

      if (provider === "microsoft" && !options?.createIfNone) {

[Copilot]

After showing the warning for missing authentication, the function should throw or return to prevent proceeding with an empty token. Without this, it will continue and potentially create a connection with an invalid token.

[Copilot]

[nitpick] Instead of using console.log in production extension code, consider using a vscode.OutputChannel or vscode.window.showInformationMessage so that messages are visible to the user or captured in the VS Code output panel.

Suggested change

	console.log("Microsoft authentication not available, falling back to PAT token");
	azDevOpsOutputChannel.appendLine("Microsoft authentication not available, falling back to PAT token");

[norschel]

check again if the feature was implemented

[Copilot]

check again if the feature was implemented

You're absolutely right! I've now properly implemented the Microsoft Account authentication feature. The previous implementation only added the package.json configuration but was missing the actual authentication logic.

The authentication is now fully implemented in getAzureDevOpsConnection() with:

• Microsoft Account authentication as primary method (silent attempt)
• PAT token fallback when Microsoft auth unavailable
• User prompts with "Sign In" and "Open Settings" options
• Bearer token handler for Microsoft authentication
• Backward compatibility with existing PAT users

Commit: 230b07c

[norschel]

@copilot verify the implementation again with a newer and better modal

[Copilot]

@copilot verify the implementation again with a newer and better modal

Verified and improved the implementation in commit 5cc6330. Key changes:

Better modal dialog — replaced the verbose inline warning text with a proper VS Code blocking modal using { modal: true } and the detail property:

• Title: "Azure DevOps Authentication Required"
• Detail: concise explanation with setting name
• Buttons: "Sign In with Microsoft Account" / "Configure PAT Token" (clearer than the old "Sign In" / "Open Settings")

Silent auth check first — changed the initial Microsoft authentication attempt from createIfNone: true to createIfNone: false, so it silently reuses an existing session without showing unnecessary sign-in prompts. The sign-in UI only appears when the user explicitly clicks "Sign In with Microsoft Account" in the modal.

Additional cleanup — replaced console.warn with logInfo (output channel) in work item and PR functions, and removed unused imports.