Plumbs an optional 'resource' field through IAuthenticationService get/createSession options and the authIssuers proposal so MCP authentication can request audience-restricted tokens. mainThreadMcp now forwards authDetails.resourceMetadata.resource into both calls.
In the microsoft-authentication extension, the resource is threaded into MSAL's acquireTokenInteractive, acquireTokenByDeviceCode, and acquireTokenSilent. Bumps @azure/msal-node and @azure/msal-node-extensions to ^5.1.5; adapts to ServerAuthorizationCodeResponse -> AuthorizeResponse and fromNativeBroker -> fromPlatformBroker renames.
Adds tests verifying that getSessions/createSession forward 'resource' to the provider, and that each MSAL flow (default, protocol handler, device code) forwards 'resource' to the underlying MSAL call.
Disabled protocol handlers and registry updates on Windows in portable mode.
Added API proposal to detect if VS Code is running in portable mode from extensions.
Skipped protocol redirect in GitHub authentication in portable mode.
* Initial plan
* Remove web worker support from microsoft-authentication extension
- Remove browser entry point from package.json
- Remove browser webpack configuration
- Remove browser-specific scripts (compile-web, watch-web)
- Remove src/browser/ directory with browser-specific implementations
- Remove ExtensionHost.WebWorker enum value
- Remove supportsWebWorkerExtensionHost flags from all flows
- Simplify authProvider.ts by removing web worker detection logic
- Remove web worker test case from flows.test.ts
- Successfully compiled with 0 errors
Co-authored-by: TylerLeonhardt <2644648+TylerLeonhardt@users.noreply.github.com>
* couple references
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>