telemetry(auth): emit metric for createToken

chungjac · chungjac · commit 1a22c993f738 · 2025-11-20T16:11:54.000-08:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -42,7 +42,7 @@
         "scan-licenses": "ts-node ./scripts/scan-licenses.ts"
     },
     "devDependencies": {
-        "@aws-toolkits/telemetry": "^1.0.329",
+        "@aws-toolkits/telemetry": "^1.0.338",
         "@playwright/browser-chromium": "^1.43.1",
         "@stylistic/eslint-plugin": "^2.11.0",
         "@types/he": "^1.2.3",
diff --git a/packages/core/src/auth/sso/clients.ts b/packages/core/src/auth/sso/clients.ts
@@ -36,6 +36,8 @@ import { AuthenticationFlow } from './model'
 import { toSnakeCase } from '../../shared/utilities/textUtilities'
 import { getUserAgent, withTelemetryContext } from '../../shared/telemetry/util'
 import { oneSecond } from '../../shared/datetime'
+import { telemetry } from '../../shared/telemetry/telemetry'
+import { getTelemetryReason, getTelemetryReasonDesc } from '../../shared/errors'
 
 export class OidcClient {
     public constructor(
@@ -86,15 +88,38 @@ export class OidcClient {
     }
 
     public async createToken(request: CreateTokenRequest) {
+        const startTime = this.clock.Date.now()
+        const grantType = request.grantType
+
         let response
         try {
             response = await this.client.createToken(request as CreateTokenRequest)
         } catch (err) {
+            const reason = getTelemetryReason(err)
+            telemetry.auth_ssoTokenOperation.emit({
+                result: 'Failed',
+                grantType: grantType ?? 'unknown',
+                duration: this.clock.Date.now() - startTime,
+                ...(reason !== 'ENOTFOUND' && reason !== 'TimeoutError' ? { reason } : {}),
+            })
+
+            getLogger().error(`sso-oidc: createToken failed (grantType=${grantType}): ${err}`)
+
             const newError = AwsClientResponseError.instanceIf(err)
             throw newError
         }
         assertHasProps(response, 'accessToken', 'expiresIn')
 
+        telemetry.auth_ssoTokenOperation.emit({
+            result: 'Succeeded',
+            grantType: grantType ?? 'unknown',
+            duration: this.clock.Date.now() - startTime,
+        })
+
+        getLogger().debug(
+            `sso-oidc: createToken succeeded (grantType=${grantType}, requestId=${response.$metadata.requestId})`
+        )
+
         return {
             ...selectFrom(response, 'accessToken', 'refreshToken', 'tokenType'),
             requestId: response.$metadata.requestId,
