Adding centralized cache for Entra tokens #21434

Open
Benjin wants to merge 11 commits into main from dev/benjin/centralizedCache

Benjin commented Mar 4, 2026

Description

Further improvements upon #20352

Originally, each connection instance had its own copy of the token spawned/copied from the Object Explorer node, so when that token expired and was refreshed, that refreshed token would live only within its owner.

#20352 improved this by updating the OE token copy when an editor spawned from it needed to reconnect, ensuring that future new editors get the updated token.

This change takes that a step further by sharing a token cache across all connections with the following behavior:

  1. Each time a new connection is opened, it checks if the token currently attached is still valid.
  2. If it's not valid, it checks to see if there's a valid token in the cache.
  3. If there's no valid token in the cache, a new token is obtained, cached centrally in the connection manager, and attached to the current profile.

This way, when the user has multiple tabs open for the same connection, updated tokens are picked up from the cache to minimize the number of times a user is prompted for re-authentication.

Code Changes Checklist

  • New or updated unit tests added
  • All existing tests pass (npm run test)
  • Code follows contributing guidelines
  • Telemetry/logging updated if relevant
  • No regressions or UX breakage

Reviewers: Please read our reviewer guidelines
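
The three-step lookup in the description above, with concurrent refreshes for the same account and tenant collapsed into one, as an added TypeScript example. This is not code from the pull request; `SharedEntraTokenCache`, `EntraToken`, `getToken`, the epoch-second expiry and the 120-second skew are all assumptions made for illustration.

```typescript
// Added illustration; every name here is hypothetical, not vscode-mssql's API.
interface EntraToken {
    token: string;
    expiresOn: number; // epoch seconds (assumed representation)
}

class SharedEntraTokenCache {
    private cache = new Map<string, EntraToken>();
    private inFlight = new Map<string, Promise<EntraToken>>();
    private skewSeconds: number;
    private now: () => number;

    constructor(skewSeconds: number = 120, now: () => number = () => Math.floor(Date.now() / 1000)) {
        this.skewSeconds = skewSeconds;
        this.now = now;
    }

    // Treat a token as expired slightly early so it cannot lapse mid-connection.
    isValid(t: EntraToken | undefined): boolean {
        return t !== undefined && t.expiresOn - this.skewSeconds > this.now();
    }

    // Steps 1-3 from the description, plus coalescing of concurrent refreshes.
    getToken(accountId: string, tenantId: string, attached: EntraToken | undefined,
             refresh: () => Promise<EntraToken>): Promise<EntraToken> {
        if (attached !== undefined && this.isValid(attached)) return Promise.resolve(attached);
        // Key on account AND tenant so a token is never served to another identity.
        const key = JSON.stringify([accountId, tenantId]);
        const cached = this.cache.get(key);
        if (cached !== undefined && this.isValid(cached)) return Promise.resolve(cached);
        const pending = this.inFlight.get(key);
        if (pending !== undefined) return pending; // join the refresh already running
        const task = refresh().then(
            (fresh) => {
                this.inFlight.delete(key);
                if (!this.isValid(fresh)) throw new Error("refresh returned an expired token");
                this.cache.set(key, fresh);
                return fresh;
            },
            (err) => {
                this.inFlight.delete(key); // a failed refresh must not block later attempts
                throw err;
            },
        );
        this.inFlight.set(key, task);
        return task;
    }

    // Drop cached tokens, e.g. on sign-out or account removal.
    clear(): void {
        this.cache.clear();
        this.inFlight.clear();
    }
}
```

Two callers that arrive while a refresh is pending receive the same promise, so the refresh callback (and any interactive prompt behind it) runs once per account and tenant.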

Copilot AI left a comment

Pull request overview

Adds a centralized, shared Entra (Azure MFA) SQL access-token cache in ConnectionManager so multiple editors/tabs using the same Entra account+tenant can reuse refreshed tokens and reduce repeated re-auth prompts.

Changes:

  • Introduces a shared Entra SQL token cache plus an “in-flight refresh” map to dedupe concurrent refreshes.
  • Replaces confirmEntraTokenValidity with refreshEntraTokenIfNeeded and wires it into relevant connection flows.
  • Adds unit tests covering cache usage, refresh behavior, coalescing parallel refreshes, and cache clearing.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File | Description
extensions/mssql/src/controllers/connectionManager.ts | Implements shared Entra SQL token caching and coalesced refresh logic; integrates cache clearing.
extensions/mssql/test/unit/connectionManager.test.ts | Adds unit tests validating cache reuse, refresh, parallel coalescing, and cache clearing behavior.

github-actions bot commented Mar 4, 2026

PR Changes

Category | Target Branch | PR Branch | Difference
vscode-mssql VSIX | 6392 KB | 6393 KB | ⚪ 1 KB ( 0% )
sql-database-projects VSIX | 6119 KB | 6119 KB | ⚪ 0 KB ( 0% )
data-workspace VSIX | 535 KB | 535 KB | ⚪ 0 KB ( 0% )

codecov-commenter commented Mar 4, 2026

Codecov Report

❌ Patch coverage is 79.50000% with 41 lines in your changes missing coverage. Please review.
✅ Project coverage is 73.35%. Comparing base (31eab5e) to head (4a6eb48).

Files with missing lines | Patch % | Lines
...ensions/mssql/src/controllers/connectionManager.ts | 76.66% | 35 Missing ⚠️
extensions/mssql/src/sharedInterfaces/webview.ts | 77.77% | 6 Missing ⚠️

@@            Coverage Diff             @@
##             main   #21434      +/-   ##
==========================================
+ Coverage   73.25%   73.35%   +0.09%     
==========================================
  Files         328      328              
  Lines       99451    99588     +137     
  Branches     5649     5683      +34     
==========================================
+ Hits        72851    73050     +199     
+ Misses      26600    26538      -62     

Files with missing lines | Coverage Δ
.../src/connectionSharing/connectionSharingService.ts | 98.93% <100.00%> (+<0.01%) ⬆️
extensions/mssql/src/constants/locConstants.ts | 76.06% <100.00%> (+0.12%) ⬆️
extensions/mssql/src/sharedInterfaces/webview.ts | 98.50% <77.77%> (-1.50%) ⬇️
...ensions/mssql/src/controllers/connectionManager.ts | 62.43% <76.66%> (+4.46%) ⬆️

Copilot AI review requested due to automatic review settings March 20, 2026 15:45

Copilot AI left a comment

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.

Comment on lines +1120 to +1135
token.onCancellationRequested(() => {
reject({
status: ApiStatus.Cancelled,
message: "Azure sign in cancelled by user.",
} as Status);
});
try {
const refreshedToken = await refreshTask();
resolve(refreshedToken);
} catch (error) {
const refreshErrorStatus: Status = {
status: ApiStatus.Error,
message: getErrorMessage(error),
};
reject(refreshErrorStatus);
}
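
Review bot: the Disposable returned by token.onCancellationRequested(...) on the first line of this hunk is discarded, so the listener stays registered after refreshTask() settles; keep the return value and dispose it once the try/catch completes. Separately, the message "Azure sign in cancelled by user." in the reject(...) call is a hard-coded literal; if it can reach the UI, move it to a localized constant.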

Copilot AI Mar 20, 2026

After cancellation triggers reject(...), the code can still proceed to refreshTask() and later call resolve(...)/reject(...) again (since the cancellation handler doesn’t short-circuit the async flow). This can lead to unnecessary interactive auth continuing even after the user cancels. Consider tracking a cancelled flag (set in the cancellation handler) and returning early before starting refreshTask(), and/or checking token.isCancellationRequested before and after the refresh call.

Contributor Author

@copilot could you fix this?

Contributor Author

@copilot Can you fix this?

Contributor Author

@copilot open a new pull request to apply changes based on this feedback

aasimkhan30 previously approved these changes Mar 20, 2026
Copilot AI review requested due to automatic review settings March 23, 2026 23:25

Copilot AI left a comment

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

aasimkhan30 previously approved these changes Mar 23, 2026
…h logic (#21721)

* Initial plan

* Handle undefined return from refreshAccessToken and add unit test

Co-authored-by: Benjin <1609827+Benjin@users.noreply.github.com>
Agent-Logs-Url: https://github.com/microsoft/vscode-mssql/sessions/1f79676e-8ac6-4a8f-b67c-1decd029bfb3

* Remove withProgressStub check from undefined token test

Co-authored-by: Benjin <1609827+Benjin@users.noreply.github.com>
Agent-Logs-Url: https://github.com/microsoft/vscode-mssql/sessions/dc0023a0-9d00-490e-bbc8-489393c6427f

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Benjin <1609827+Benjin@users.noreply.github.com>
microsoft deleted a comment from Copilot AI Mar 24, 2026
microsoft deleted a comment from Copilot AI Mar 24, 2026
microsoft deleted a comment from Copilot AI Mar 24, 2026
Copilot AI review requested due to automatic review settings March 24, 2026 00:57

Copilot AI left a comment

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.