diff --git a/.github/workflows/release-vscode.yaml b/.github/workflows/release-vscode.yaml
index 23b270361..8aa3c123b 100644
--- a/.github/workflows/release-vscode.yaml
+++ b/.github/workflows/release-vscode.yaml
@@ -3,8 +3,7 @@
 
 name: Publish VSCode Extension
 on:
-  release:
-    types: [published]
+  workflow_dispatch:
 
 defaults:
   run:
@@ -18,12 +17,14 @@ jobs:
 
     permissions:
       contents: read
+      id-token: write # Required for OIDC authentication with Azure
+
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.1.0
         with:
           node-version: '24.x'
           registry-url: 'https://registry.npmjs.org'
@@ -39,9 +40,17 @@ jobs:
       - name: Build vsix
         run: npx vsce package --out clarity.vsix
 
+      - name: Azure Login (OIDC)
+        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          allow-no-subscriptions: true
+
       - name: Publish to VSCode Marketplace
         continue-on-error: true
-        run: npx vsce publish --packagePath clarity.vsix --pat ${{ secrets.VSCE_TOKEN }}
+        run: npx @vscode/vsce verify-pat StacksLabs --azure-credential
+        #npx vsce publish --packagePath clarity.vsix --azure-credential
 
-      - name: Publish to Open VSX
-        run: npx ovsx publish --packagePath clarity.vsix --pat ${{ secrets.OVSX_TOKEN }}
+      # - name: Publish to Open VSX
+      #   run: npx ovsx publish --packagePath clarity.vsix --pat ${{ secrets.OVSX_TOKEN }}
\ No newline at end of file