How to have plugin code read from cookie

I have implemented authentication in an extension by use of a BackendApplicationContribution.
I then surface my user token to the front end through a cookie.

Now my plugin (not extension) code needs that user token (it performs authenticated REST calls to a remote server to build the treeview)
is there a way in the vscode API to read from cookies ?
I guess they are sent to the plugin backend code but I can’t figure if and how to read them.

Thanks in advance for your help.


[original thread by Frederic Canteloup]

I don’t think it is possible. I am not sure it is desirable that any 3rd party VS Code extension has access to cookies of the main page because of security reasons. It is one thing then you add built time Theia extension and you can check what it does, it is another thing to allow a user to install an extension from the internet which can access his cookies.

Particularly for your extension maybe you can do it somehow though. cc @florentbenoit

yes, I agree with Anton that you can’t access cookies of main-page (also this is why webviews are using a separate host, etc)

As ‘workarounds’ you may add a command that is getting the token (implemented by your auth extension) and your plug-in call that command (but it also means, that any plug-in could potentially steal/read that token) but it’s kind of user responsibility then.

[Frederic Canteloup]

Hello Anton and Florent and thanks for this quick reply

[Frederic Canteloup]

forgive my lack of practical knowledge when it comes to the extension paradigm, only really been working with plugins for the past few months

[Frederic Canteloup]

so you are saying that in my auth extension I can implement a command and then call an an executeCommand from my plugin? would it be from a front end or backend extension ?

[Frederic Canteloup]

going to try and see if it works and if it is applicable for multiple users: the plugin must always get the token from the logged-in user, not from some user agnostic backend info. Any more info on this will be greatly appreciated. Thanks

[Frederic Canteloup]

Hello again, The solution work splendidly: I did not realize that from my front end contribution I had full access to the document object and hence to the cookie. You made my day!