chore: add debug statements around auth checking (#422)

Author: brandonskiser

crates/chat-cli/src/auth/builder_id.rs

@@ -49,6 +49,7 @@ use time::OffsetDateTime;
 use tracing::{
     debug,
     error,
+    info,
     trace,
     warn,
 };
@@ -302,6 +303,7 @@ impl BuilderIdToken {
 
     /// Load the token from the keychain, refresh the token if it is expired and return it
     pub async fn load(database: &Database) -> Result<Option<Self>, AuthError> {
+        trace!("loading builder id token from the secret store");
         match database.get_secret(Self::SECRET_KEY).await {
             Ok(Some(secret)) => {
                 let token: Option<Self> = serde_json::from_str(&secret.0)?;
@@ -314,6 +316,7 @@ impl BuilderIdToken {
                             trace!("token is expired, refreshing");
                             token.refresh_token(&client, database, &region).await
                         } else {
+                            trace!(?token, "found a valid token");
                             Ok(Some(token))
                         }
                     },
@@ -342,6 +345,7 @@ impl BuilderIdToken {
         region: &Region,
     ) -> Result<Option<Self>, AuthError> {
         let Some(refresh_token) = &self.refresh_token else {
+            warn!("no refresh token was found");
             // if the token is expired and has no refresh token, delete it
             if let Err(err) = self.delete(database).await {
                 error!(?err, "Failed to delete builder id token");
@@ -350,6 +354,7 @@ impl BuilderIdToken {
             return Ok(None);
         };
 
+        trace!("loading device registration from secret store");
         let registration = match DeviceRegistration::load_from_secret_store(database, region).await? {
             Some(registration) if registration.oauth_flow == self.oauth_flow => registration,
             // If the OIDC client registration is for a different oauth flow or doesn't exist, then
@@ -525,8 +530,22 @@ pub async fn poll_create_token(
 
 pub async fn is_logged_in(database: &mut Database) -> bool {
     // Check for BuilderId if not using Sigv4
-    std::env::var("AMAZON_Q_SIGV4").is_ok_and(|v| !v.is_empty())
-        || matches!(BuilderIdToken::load(database).await, Ok(Some(_)))
+    if std::env::var("AMAZON_Q_SIGV4").is_ok_and(|v| !v.is_empty()) {
+        debug!("logged in using sigv4 credentials");
+        return true;
+    }
+
+    match BuilderIdToken::load(database).await {
+        Ok(Some(_)) => true,
+        Ok(None) => {
+            info!("not logged in - no valid token found");
+            false
+        },
+        Err(err) => {
+            warn!(?err, "failed to try to load a builder id token");
+            false
+        },
+    }
 }
 
 pub async fn logout(database: &mut Database) -> Result<(), AuthError> {

crates/fig_auth/src/builder_id.rs

@@ -53,6 +53,8 @@ use time::OffsetDateTime;
 use tracing::{
     debug,
     error,
+    info,
+    trace,
     warn,
 };
 
@@ -307,6 +309,7 @@ impl BuilderIdToken {
 
     /// Load the token from the keychain, refresh the token if it is expired and return it
     pub async fn load(secret_store: &SecretStore, force_refresh: bool) -> Result<Option<Self>> {
+        trace!("loading builder id token from the secret store");
         match secret_store.get(Self::SECRET_KEY).await {
             Ok(Some(secret)) => {
                 let token: Option<Self> = serde_json::from_str(&secret.0)?;
@@ -319,13 +322,20 @@ impl BuilderIdToken {
                         if token.is_expired() || force_refresh {
                             token.refresh_token(&client, secret_store, &region).await
                         } else {
+                            trace!(?token, "found a valid token");
                             Ok(Some(token))
                         }
                     },
-                    None => Ok(None),
+                    None => {
+                        debug!("secret stored in the database was empty");
+                        Ok(None)
+                    },
                 }
             },
-            Ok(None) => Ok(None),
+            Ok(None) => {
+                debug!("no secret found in the database");
+                Ok(None)
+            },
             Err(err) => {
                 error!(%err, "Error getting builder id token from keychain");
                 Err(err)
@@ -341,6 +351,7 @@ impl BuilderIdToken {
         region: &Region,
     ) -> Result<Option<Self>> {
         let Some(refresh_token) = &self.refresh_token else {
+            warn!("no refresh token was found");
             // if the token is expired and has no refresh token, delete it
             if let Err(err) = self.delete(secret_store).await {
                 error!(?err, "Failed to delete builder id token");
@@ -349,6 +360,7 @@ impl BuilderIdToken {
             return Ok(None);
         };
 
+        trace!("loading device registration from secret store");
         let registration = match DeviceRegistration::load_from_secret_store(secret_store, region).await? {
             Some(registration) if registration.oauth_flow == self.oauth_flow => registration,
             // If the OIDC client registration is for a different oauth flow or doesn't exist, then
@@ -559,7 +571,17 @@ pub async fn is_amzn_user() -> Result<bool> {
 }
 
 pub async fn is_logged_in() -> bool {
-    matches!(builder_id_token().await, Ok(Some(_)))
+    match builder_id_token().await {
+        Ok(Some(_)) => true,
+        Ok(None) => {
+            info!("not logged in - no valid token found");
+            false
+        },
+        Err(err) => {
+            warn!(?err, "failed to try to load a builder id token");
+            false
+        },
+    }
 }
 
 pub async fn logout() -> Result<()> {

crates/q_cli/src/cli/mod.rs

@@ -439,6 +439,7 @@ impl Cli {
             }
         });
 
+        debug!("launching q chat binary");
         let exit_status = cmd.status().await?;
         let exit_code = exit_status
             .code()