Does this issue occur when all extensions are disabled?: Yes/No

• VS Code Version: 1.103.0 (Universal)
• OS Version: 15.6 (24G84) MAC

Problem

VS Code's OAuth loopback server generates redirect URIs without trailing slashes (http://127.0.0.1:port), while Microsoft's own OAuth 2.0 documentation and standards-compliant identity providers (including Entra ID) require trailing slashes in redirect URIs per RFC specifications.

This creates a mismatch where:

• VS Code generates: http://127.0.0.1:3000
• IDP expects: http://127.0.0.1:3000/

Root Cause

Microsoft Entra ID (and other compliant IDPs) automatically append trailing slashes to redirect URIs during OAuth flows, following Microsoft's own documented standards. However, VS Code's loopback server returns URLs without the trailing slash, causing URI mismatch validation failures.

Impact

• OAuth authentication flows fail with "redirect_uri_mismatch" errors
• Affects any OAuth provider that enforces Microsoft's redirect URI format standards
• Creates inconsistency between VS Code's implementation and Microsoft's documented requirements

Environment

• VS Code version: 1.103.0 (Universal)
• OS: macOS (15.6 (24G84)

Labels

• bug
• oauth
• authentication
• vscode-extension