Fix and enhance auto-prompt to clear Entra token cache on multiple matching tokens error

[Copilot]

This PR fixes a critical bug and enhances the user experience when encountering the multiple_matching_tokens_detected error during Active Directory Interactive authentication.

Problem

Users experiencing the "multiple matching tokens detected" error (shown in the issue screenshot) faced two major problems:

1. Broken functionality: The existing error handler had a bug where clicking "Clear cache and refresh token" did nothing due to incorrect button response validation
2. Poor user experience: The error message was technical and didn't explain what caused the issue or why clearing the cache would help

Currently, users had to manually run MS SQL: Clear Microsoft Entra account token cache from the command palette, but even the built-in error dialog was non-functional.

Solution

🐛 Critical Bug Fix

Fixed the button response checking in msalAzureController.ts. The code was checking for LocalizedConstants.msgYes but the actual button passed was LocalizedConstants.ConnectionDialog.ClearCacheAndRefreshToken.

🎨 Enhanced User Experience

• Improved error message: Now explains that multiple tokens are "usually caused by using VS Code with different user accounts" and recommends clearing the token cache
• Better button text: Changed from "Clear cache and refresh token" to "Clear Token Cache" for clarity
• Additional option: Added "Always Clear Cache" button to enable automatic resolution for future occurrences

⚙️ Auto-Clear Configuration

Added new setting mssql.azureAutoClearTokenCache that allows users to automatically clear the token cache without prompting when this error occurs.

User flow:

• One-time clear: Click "Clear Token Cache" → cache cleared, connection retries
• Enable auto-clear: Click "Always Clear Cache" → setting enabled + cache cleared + retries automatically in future
• Auto-clear mode: When setting enabled → automatic cache clearing with no user prompts

📝 Configuration Details

{
  "mssql.azureAutoClearTokenCache": {
    "type": "boolean", 
    "default": false,
    "description": "Automatically clear the Azure token cache when multiple matching tokens are detected, without prompting the user",
    "scope": "application"
  }
}

Impact

This transforms a frustrating technical error into a guided, self-healing experience:

• Before: Broken button, confusing error message, manual command palette usage required
• After: Working buttons, clear explanation, one-click resolution, optional automation

The feature respects user preferences by defaulting to manual approval but allows power users to enable full automation.

Fixes #19733.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• update.code.visualstudio.com
  • Triggering command: /usr/local/bin/node ./out/test/unit/runTest.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.