Add flag to indicate reauth in metrics (#4819)

* Add flag to indicate reauth

* feedback

* unused lines deleted

* fixed tests

Author: manodnyab

plugins/amazonq/chat/jetbrains-community/src/software/aws/toolkits/jetbrains/services/amazonq/explorerActions/SignInToQAction.kt

@@ -39,7 +39,7 @@ abstract class SignInToQActionBase(actionName: String) : DumbAwareAction(actionN
         UiTelemetry.click(project, "auth_start_Q")
         val connectionManager = ToolkitConnectionManager.getInstance(project)
         connectionManager.activeConnectionForFeature(QConnection.getInstance())?.let {
-            reauthConnectionIfNeeded(project, it)
+            reauthConnectionIfNeeded(project, it, isReAuth = true)
         } ?: run {
             runInEdt {
                 if (requestCredentialsForQ(project)) {

plugins/amazonq/codewhisperer/jetbrains-community/src/software/aws/toolkits/jetbrains/services/codewhisperer/util/CodeWhispererUtil.kt

@@ -273,7 +273,7 @@ object CodeWhispererUtil {
         val connection = ToolkitConnectionManager.getInstance(project).activeConnectionForFeature(CodeWhispererConnection.getInstance())
         if (connection !is ManagedBearerSsoConnection) return
         pluginAwareExecuteOnPooledThread {
-            reauthConnectionIfNeeded(project, connection)
+            reauthConnectionIfNeeded(project, connection, isReAuth = true)
         }
     }
 

plugins/amazonq/codewhisperer/jetbrains-community/tst/software/aws/toolkits/jetbrains/services/codewhisperer/util/CodeWhispererUtilTest.kt

@@ -51,7 +51,7 @@ class CodeWhispererUtilTest {
         CodeWhispererUtil.reconnectCodeWhisperer(projectExtension.project)
 
         verify {
-            reauthConnectionIfNeeded(projectExtension.project, mockConnection)
+            reauthConnectionIfNeeded(projectExtension.project, mockConnection, isReAuth = true)
         }
     }
 }

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/LoginUtils.kt

@@ -22,6 +22,7 @@ import software.aws.toolkits.jetbrains.core.AwsClientManager
 import software.aws.toolkits.jetbrains.core.credentials.profiles.SsoSessionConstants
 import software.aws.toolkits.jetbrains.core.credentials.sono.SONO_REGION
 import software.aws.toolkits.jetbrains.core.credentials.sono.SONO_URL
+import software.aws.toolkits.jetbrains.core.credentials.sono.isSono
 import software.aws.toolkits.jetbrains.core.credentials.sso.bearer.InteractiveBearerTokenProvider
 import software.aws.toolkits.jetbrains.utils.runUnderProgressIfNeeded
 import software.aws.toolkits.resources.AwsCoreBundle
@@ -245,3 +246,6 @@ fun messageFromConfigFacadeError(e: Exception): Pair<String, String> {
 
     return errorMessage to errorType
 }
+
+fun getCredentialIdForTelemetry(connection: ToolkitConnection): CredentialSourceId =
+    if (connection.isSono()) CredentialSourceId.AwsId else CredentialSourceId.IamIdentityCenter

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/ToolkitAuthManager.kt

@@ -120,6 +120,7 @@ fun loginSso(
     onSuccess: () -> Unit = {},
     metadata: ConnectionMetadata? = null
 ): AwsBearerTokenConnection? {
+    val source = metadata
     fun createAndAuthNewConnection(profile: AuthProfile): AwsBearerTokenConnection? {
         val authManager = ToolkitAuthManager.getInstance()
         val connection = try {
@@ -129,19 +130,6 @@ fun loginSso(
                     connection = transientConnection,
                     onPendingToken = onPendingToken,
                 )
-                recordLoginWithBrowser(
-                    credentialStartUrl = transientConnection.startUrl,
-                    credentialSourceId = CredentialSourceId.AwsId,
-                    isReAuth = true,
-                    result = Result.Succeeded,
-                    source = metadata?.sourceId
-                )
-                recordAddConnection(
-                    credentialSourceId = CredentialSourceId.AwsId,
-                    isReAuth = true,
-                    result = Result.Failed,
-                    source = metadata?.sourceId
-                )
             }
         } catch (e: Exception) {
             onError(e)
@@ -191,6 +179,7 @@ fun loginSso(
         reauthConnectionIfNeeded(
             project = project,
             connection = connection,
+            isReAuth = true
         )
         return connection
     } ?: run {
@@ -243,15 +232,46 @@ fun reauthConnectionIfNeeded(
     project: Project?,
     connection: ToolkitConnection,
     onPendingToken: (InteractiveBearerTokenProvider) -> Unit = {},
+    isReAuth: Boolean = false
 ): BearerTokenProvider {
     val tokenProvider = (connection.getConnectionSettings() as TokenConnectionSettings).tokenProvider.delegate as BearerTokenProvider
     if (tokenProvider is InteractiveBearerTokenProvider) {
         onPendingToken(tokenProvider)
     }
 
+    val startUrl = (connection as AwsBearerTokenConnection).startUrl
     maybeReauthProviderIfNeeded(project, tokenProvider) {
         runUnderProgressIfNeeded(project, AwsCoreBundle.message("credentials.pending.title"), true) {
-            tokenProvider.reauthenticate()
+            try {
+                tokenProvider.reauthenticate()
+                if (isReAuth) {
+                    recordLoginWithBrowser(
+                        credentialStartUrl = startUrl,
+                        credentialSourceId = getCredentialIdForTelemetry(connection),
+                        isReAuth = true,
+                        result = Result.Succeeded
+                    )
+                    recordAddConnection(
+                        credentialSourceId = getCredentialIdForTelemetry(connection),
+                        isReAuth = true,
+                        result = Result.Succeeded
+                    )
+                }
+            } catch (e: Exception) {
+                if (isReAuth) {
+                    recordLoginWithBrowser(
+                        credentialStartUrl = startUrl,
+                        credentialSourceId = getCredentialIdForTelemetry(connection),
+                        isReAuth = true,
+                        result = Result.Failed
+                    )
+                    recordAddConnection(
+                        credentialSourceId = getCredentialIdForTelemetry(connection),
+                        isReAuth = true,
+                        result = Result.Failed
+                    )
+                }
+            }
         }
     }
     return tokenProvider

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/gettingstarted/GettingStartedAuthUtils.kt

@@ -225,7 +225,7 @@ fun reauthenticateWithQ(project: Project) {
     val connection = ToolkitConnectionManager.getInstance(project).activeConnectionForFeature(QConnection.getInstance())
     if (connection !is ManagedBearerSsoConnection) return
     pluginAwareExecuteOnPooledThread {
-        reauthConnectionIfNeeded(project, connection)
+        reauthConnectionIfNeeded(project, connection, isReAuth = true)
     }
 }
 

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/webview/LoginBrowser.kt

@@ -33,6 +33,7 @@ import software.aws.toolkits.jetbrains.core.credentials.pinning.CodeCatalystConn
 import software.aws.toolkits.jetbrains.core.credentials.pinning.QConnection
 import software.aws.toolkits.jetbrains.core.credentials.reauthConnectionIfNeeded
 import software.aws.toolkits.jetbrains.core.credentials.sono.CODECATALYST_SCOPES
+import software.aws.toolkits.jetbrains.core.credentials.sono.IDENTITY_CENTER_ROLE_ACCESS_SCOPE
 import software.aws.toolkits.jetbrains.core.credentials.sono.Q_SCOPES
 import software.aws.toolkits.jetbrains.core.credentials.sono.SONO_URL
 import software.aws.toolkits.jetbrains.core.credentials.sso.PendingAuthorization
@@ -154,21 +155,28 @@ abstract class LoginBrowser(
         else -> ""
     }
 
-    private fun isReAuth(scopes: List<String>): Boolean = ToolkitConnectionManager.getInstance(project)
+    private fun isReAuth(scopes: List<String>, requestedStartUrl: String): Boolean = ToolkitConnectionManager.getInstance(project)
         .let {
+            val qConnection = it.activeConnectionForFeature(QConnection.getInstance()) as AwsBearerTokenConnection?
+            val codeCatalystConnection = it.activeConnectionForFeature(CodeCatalystConnection.getInstance()) as AwsBearerTokenConnection?
             if (scopes.toSet().intersect(Q_SCOPES.toSet()).isNotEmpty()) {
-                it.activeConnectionForFeature(QConnection.getInstance()) != null
+                qConnection != null && qConnection.startUrl == requestedStartUrl
             } else if (scopes.toSet().intersect(CODECATALYST_SCOPES.toSet()).isNotEmpty()) {
-                it.activeConnectionForFeature(CodeCatalystConnection.getInstance()) != null
+                codeCatalystConnection != null && codeCatalystConnection.startUrl == requestedStartUrl
             } else {
-                val activeCon = it.activeConnection()
-                val ccCon = it.activeConnectionForFeature(CodeCatalystConnection.getInstance())
-                val qCon = it.activeConnectionForFeature(QConnection.getInstance())
-                activeCon != null && activeCon != ccCon && activeCon != qCon
+                if (it.activeConnection() is AwsBearerTokenConnection) {
+                    val activeCon = it.activeConnection() as? AwsBearerTokenConnection
+                    return activeCon?.scopes?.toSet()?.intersect(IDENTITY_CENTER_ROLE_ACCESS_SCOPE.toSet())?.isNotEmpty() == true &&
+                        activeCon != qConnection &&
+                        activeCon != codeCatalystConnection
+                } else {
+                    return false
+                }
             }
         }
 
     open fun loginBuilderId(scopes: List<String>) {
+        val isReauth = isReAuth(scopes, SONO_URL)
         val onError: (Exception) -> Unit = { e ->
             stopAndClearBrowserOpenTimer()
             isUserCancellation(e)
@@ -177,12 +185,14 @@ abstract class LoginBrowser(
                 credentialStartUrl = SONO_URL,
                 result = Result.Failed,
                 reason = e.message,
-                credentialSourceId = CredentialSourceId.AwsId
+                credentialSourceId = CredentialSourceId.AwsId,
+                isReAuth = isReauth
             )
             AuthTelemetry.addConnection(
                 result = Result.Failed,
                 credentialSourceId = CredentialSourceId.AwsId,
-                reason = e.message
+                reason = e.message,
+                isReAuth = isReauth
             )
         }
         val onSuccess: () -> Unit = {
@@ -191,11 +201,13 @@ abstract class LoginBrowser(
                 project = null,
                 credentialStartUrl = SONO_URL,
                 result = Result.Succeeded,
-                credentialSourceId = CredentialSourceId.AwsId
+                credentialSourceId = CredentialSourceId.AwsId,
+                isReAuth = isReauth
             )
             AuthTelemetry.addConnection(
                 result = Result.Succeeded,
-                credentialSourceId = CredentialSourceId.AwsId
+                credentialSourceId = CredentialSourceId.AwsId,
+                isReAuth = isReauth
             )
         }
 
@@ -208,7 +220,20 @@ abstract class LoginBrowser(
 
     open fun loginIdC(url: String, region: AwsRegion, scopes: List<String>) {
         // assumes scopes contains either Q or non-Q permissions but not both
-        val isReAuth = isReAuth(scopes)
+        val (onError: (Exception) -> Unit, onSuccess: () -> Unit) = getSuccessAndErrorActionsForIdcLogin(scopes, url, region)
+        loginWithBackgroundContext {
+            Login
+                .IdC(url, region, scopes, onPendingToken, onSuccess, onError)
+                .login(project)
+        }
+    }
+
+    fun getSuccessAndErrorActionsForIdcLogin(
+        scopes: List<String>,
+        url: String,
+        region: AwsRegion
+    ): Pair<(Exception) -> Unit, () -> Unit> {
+        val isReAuth = isReAuth(scopes, url)
 
         val onError: (Exception) -> Unit = { e ->
             stopAndClearBrowserOpenTimer()
@@ -257,11 +282,7 @@ abstract class LoginBrowser(
                 credentialSourceId = CredentialSourceId.IamIdentityCenter
             )
         }
-        loginWithBackgroundContext {
-            Login
-                .IdC(url, region, scopes, onPendingToken, onSuccess, onError)
-                .login(project)
-        }
+        return Pair(onError, onSuccess)
     }
 
     open fun loginIAM(profileName: String, accessKey: String, secretKey: String) {
@@ -330,7 +351,7 @@ abstract class LoginBrowser(
     protected fun reauth(connection: ToolkitConnection?) {
         if (connection is AwsBearerTokenConnection) {
             loginWithBackgroundContext {
-                reauthConnectionIfNeeded(project, connection, onPendingToken)
+                reauthConnectionIfNeeded(project, connection, onPendingToken, isReAuth = true)
             }
             stopAndClearBrowserOpenTimer()
         }

plugins/toolkit/jetbrains-core/src/software/aws/toolkits/jetbrains/core/credentials/ConnectionSettingsMenuBuilder.kt

@@ -244,7 +244,7 @@ class ConnectionSettingsMenuBuilder private constructor() {
             addAll(
                 object : DumbAwareAction(message("credentials.individual_identity.reconnect")) {
                     override fun actionPerformed(e: AnActionEvent) {
-                        reauthConnectionIfNeeded(e.project, value)
+                        reauthConnectionIfNeeded(e.project, value, isReAuth = true)
 
                         ToolkitConnectionManager.getInstance(e.project).switchConnection(value)
                     }

plugins/toolkit/jetbrains-core/src/software/aws/toolkits/jetbrains/core/explorer/devToolsTab/nodes/actions/SonoLogin.kt

@@ -23,7 +23,7 @@ class SonoLogin : DumbAwareAction(AllIcons.Actions.Execute) {
         pluginAwareExecuteOnPooledThread {
             val connectionManager = ToolkitConnectionManager.getInstance(project)
             connectionManager.activeConnectionForFeature(CodeCatalystConnection.getInstance())?.let {
-                reauthConnectionIfNeeded(project, it)
+                reauthConnectionIfNeeded(project, it, isReAuth = true)
                 project.refreshDevToolTree()
             } ?: run {
                 runInEdt {

plugins/toolkit/jetbrains-core/src/software/aws/toolkits/jetbrains/core/explorer/webview/ToolkitLoginWebview.kt

@@ -12,7 +12,6 @@ import com.intellij.openapi.application.runInEdt
 import com.intellij.openapi.components.Service
 import com.intellij.openapi.components.service
 import com.intellij.openapi.project.Project
-import com.intellij.openapi.ui.Messages
 import com.intellij.openapi.util.Disposer
 import com.intellij.ui.JBColor
 import com.intellij.ui.components.JBTextArea
@@ -47,7 +46,6 @@ import software.aws.toolkits.jetbrains.core.credentials.pinning.CodeCatalystConn
 import software.aws.toolkits.jetbrains.core.credentials.sono.CODECATALYST_SCOPES
 import software.aws.toolkits.jetbrains.core.credentials.sono.IDENTITY_CENTER_ROLE_ACCESS_SCOPE
 import software.aws.toolkits.jetbrains.core.credentials.sono.isSono
-import software.aws.toolkits.jetbrains.core.credentials.ssoErrorMessageFromException
 import software.aws.toolkits.jetbrains.core.explorer.showExplorerTree
 import software.aws.toolkits.jetbrains.core.gettingstarted.IdcRolePopup
 import software.aws.toolkits.jetbrains.core.gettingstarted.IdcRolePopupState
@@ -307,19 +305,7 @@ class ToolkitWebviewBrowser(val project: Project, private val parentDisposable:
     }
 
     override fun loginIdC(url: String, region: AwsRegion, scopes: List<String>) {
-        val onIdCError: (Exception) -> Unit = { e ->
-            stopAndClearBrowserOpenTimer()
-            if (!isUserCancellation(e)) {
-                runInEdt {
-                    Messages.showErrorDialog(jcefBrowser.component, ssoErrorMessageFromException(e), "Failed to Authenticate")
-                }
-            }
-            // TODO: telemetry
-        }
-        val onIdCSuccess: () -> Unit = {
-            stopAndClearBrowserOpenTimer()
-            // TODO: telemetry
-        }
+        val (onIdCError: (Exception) -> Unit, onIdCSuccess: () -> Unit) = getSuccessAndErrorActionsForIdcLogin(scopes, url, region)
 
         val login = Login.IdC(url, region, scopes, onPendingToken, onIdCSuccess, onIdCError)