diff --git a/src/vs/vscode.proposed.d.ts b/src/vs/vscode.proposed.d.ts
index 67c78abac58..b4c379c9227 100644
--- a/src/vs/vscode.proposed.d.ts
+++ b/src/vs/vscode.proposed.d.ts
@@ -50,7 +50,7 @@ declare module 'vscode' {
 		readonly displayName: string;
 
 		/**
-		 * A [event](#Event) which fires when the array of sessions has changed, or data
+		 * An [event](#Event) which fires when the array of sessions has changed, or data
 		 * within a session has changed.
 		 */
 		readonly onDidChangeSessions: Event<void>;
@@ -85,7 +85,7 @@ declare module 'vscode' {
 		 * registered, or if the user does not consent to sharing authentication information with
 		 * the extension.
 		 */
-		export function getSessions(providerId: string): Thenable<readonly AuthenticationSession[]>;
+		export function getSessions(providerId: string, scopes: string[]): Thenable<readonly AuthenticationSession[]>;
 
 		/**
 		* Prompt a user to login to create a new authenticaiton session. Rejects if a provider with
@@ -95,7 +95,7 @@ declare module 'vscode' {
 		export function login(providerId: string, scopes: string[]): Thenable<AuthenticationSession>;
 
 		/**
-		* A [event](#Event) which fires when the array of sessions has changed, or data
+		* An [event](#Event) which fires when the array of sessions has changed, or data
 		* within a session has changed for a provider. Fires with the ids of the providers
 		* that have had session data change.
 		*/
diff --git a/src/vs/workbench/api/common/extHost.api.impl.ts b/src/vs/workbench/api/common/extHost.api.impl.ts
index 409da2f66d3..143bc3bdf77 100644
--- a/src/vs/workbench/api/common/extHost.api.impl.ts
+++ b/src/vs/workbench/api/common/extHost.api.impl.ts
@@ -191,8 +191,8 @@ export function createApiFactoryAndRegisterActors(accessor: ServicesAccessor): I
 			hasProvider(providerId: string): boolean {
 				return extHostAuthentication.hasProvider(providerId);
 			},
-			getSessions(providerId: string): Thenable<readonly vscode.AuthenticationSession[]> {
-				return extHostAuthentication.getSessions(extension, providerId);
+			getSessions(providerId: string, scopes: string[]): Thenable<readonly vscode.AuthenticationSession[]> {
+				return extHostAuthentication.getSessions(extension, providerId, scopes);
 			},
 			login(providerId: string, scopes: string[]): Thenable<vscode.AuthenticationSession> {
 				return extHostAuthentication.login(extension, providerId, scopes);
diff --git a/src/vs/workbench/api/common/extHostAuthentication.ts b/src/vs/workbench/api/common/extHostAuthentication.ts
index 88ce55c51ea..baa486b5c5c 100644
--- a/src/vs/workbench/api/common/extHostAuthentication.ts
+++ b/src/vs/workbench/api/common/extHostAuthentication.ts
@@ -28,32 +28,35 @@ export class ExtHostAuthentication implements ExtHostAuthenticationShape {
 		return !!this._authenticationProviders.get(providerId);
 	}
 
-	async getSessions(requestingExtension: IExtensionDescription, providerId: string): Promise<readonly vscode.AuthenticationSession[]> {
+	async getSessions(requestingExtension: IExtensionDescription, providerId: string, scopes: string[]): Promise<readonly vscode.AuthenticationSession[]> {
 		const provider = this._authenticationProviders.get(providerId);
 		if (!provider) {
 			throw new Error(`No authentication provider with id '${providerId}' is currently registered.`);
 		}
 
-		return (await provider.getSessions()).map(session => {
-			return {
-				id: session.id,
-				accountName: session.accountName,
-				scopes: session.scopes,
-				getAccessToken: async () => {
-					const isAllowed = await this._proxy.$getSessionsPrompt(
-						provider.id,
-						provider.displayName,
-						ExtensionIdentifier.toKey(requestingExtension.identifier),
-						requestingExtension.displayName || requestingExtension.name);
+		const orderedScopes = scopes.sort().join(' ');
+		return (await provider.getSessions())
+			.filter(session => session.scopes.sort().join(' ') === orderedScopes)
+			.map(session => {
+				return {
+					id: session.id,
+					accountName: session.accountName,
+					scopes: session.scopes,
+					getAccessToken: async () => {
+						const isAllowed = await this._proxy.$getSessionsPrompt(
+							provider.id,
+							provider.displayName,
+							ExtensionIdentifier.toKey(requestingExtension.identifier),
+							requestingExtension.displayName || requestingExtension.name);
 
-					if (!isAllowed) {
-						throw new Error('User did not consent to token access.');
+						if (!isAllowed) {
+							throw new Error('User did not consent to token access.');
+						}
+
+						return session.getAccessToken();
 					}
-
-					return session.getAccessToken();
-				}
-			};
-		});
+				};
+			});
 	}
 
 	async login(requestingExtension: IExtensionDescription, providerId: string, scopes: string[]): Promise<vscode.AuthenticationSession> {