fix(auth): debounce getToken() function

nkomonen-amazon · nkomonen-amazon · commit ce410ea1303c · 2024-12-20T12:02:45.000-05:00
Problem:

The Identity team noticed a large spike in token refreshes for specific users.
One user would trigger refresh over 50 times within a few seconds.

Solution:

The telemetry showed that `getChatAuthState()` was being called many times in a
short period. This eventually triggered the token refresh logic many times, if the token was
expired.

The solution is to add a debounce to `getToken()` which calls the refresh logic.
- `debounce()` only accepts functions without any args, the refresh logic requires args
- `getToken()` will also load from disk is the token is not expired, so debouncing here
  saves disk I/O as well.

The current debounce interval is 100 milliseconds, which based on telemetry should be enough to capture the barrage of calls.

Signed-off-by: nkomonen-amazon &lt;nkomonen@amazon.com&gt;
diff --git a/packages/core/src/auth/sso/ssoAccessTokenProvider.ts b/packages/core/src/auth/sso/ssoAccessTokenProvider.ts
@@ -33,7 +33,7 @@ import { randomUUID } from '../../shared/crypto'
 import { getExtRuntimeContext } from '../../shared/vscode/env'
 import { showInputBox } from '../../shared/ui/inputPrompter'
 import { AmazonQPromptSettings, DevSettings, PromptSettings, ToolkitPromptSettings } from '../../shared/settings'
-import { onceChanged } from '../../shared/utilities/functionUtils'
+import { debounce, onceChanged } from '../../shared/utilities/functionUtils'
 import { NestedMap } from '../../shared/utilities/map'
 import { asStringifiedStack } from '../../shared/telemetry/spans'
 import { showViewLogsMessage } from '../../shared/utilities/messages'
@@ -97,7 +97,13 @@ export abstract class SsoAccessTokenProvider {
         this.reAuthState.set(this.profile, { reAuthReason: `invalidate():${reason}` })
     }
 
-    public async getToken(): Promise<SsoToken | undefined> {
+    /**
+     * Sometimes we get many calls at once and this
+     * can trigger redundant disk reads, or token refreshes.
+     * We debounce to avoid this.
+     */
+    public getToken = debounce(this._getToken.bind(this), 100)
+    public async _getToken(): Promise<SsoToken | undefined> {
         const data = await this.cache.token.load(this.tokenCacheKey)
         SsoAccessTokenProvider.logIfChanged(
             indent(
