feat(core): Update all references to use new auth class using flare identity server for Amazon Q (#7088)

## Problem
The business logic of auth-related features is complex and implemented
separately for all IDEs. Flare/DEXP LSP server has implemented auth that
can be reused for all IDEs. The source code was introduced already
introduced in #6958 with
activation and client updates in
#7062. But the references
to `AuthUtil` through the codebase weren't updated yet.

## Solution
* Update all remaining references to `AuthUtil` in the codebase
* All `toolkits` unit tests are passing
* Disable telemetry and existing AuthUtil unit tests, to be updated in
follow-up PR
* `amazonq` and `web` unit tests still failing, to be addressed in
follow-up PR

**Note that CI is expected to fail for amazonq and web unit tests**



---

- Treat all work as PUBLIC. Private `feature/x` branches will not be
squash-merged at release time.
- Your code changes must meet the guidelines in
[CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines).
- License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.

---------

Co-authored-by: Justin M. Keyes <[email protected]>

Author: opieter-aws

packages/amazonq/src/app/amazonqScan/app.ts

@@ -19,6 +19,7 @@ import { Messenger } from './chat/controller/messenger/messenger'
 import { UIMessageListener } from './chat/views/actions/uiMessageListener'
 import { debounce } from 'lodash'
 import { Commands, placeholder } from 'aws-core-vscode/shared'
+import { auth2 } from 'aws-core-vscode/auth'
 
 export function init(appContext: AmazonQAppInitContext) {
     const scanChatControllerEventEmitters: ScanChatControllerEventEmitters = {
@@ -52,7 +53,7 @@ export function init(appContext: AmazonQAppInitContext) {
     appContext.registerWebViewToAppMessagePublisher(new MessagePublisher<any>(scanChatUIInputEventEmitter), 'review')
 
     const debouncedEvent = debounce(async () => {
-        const authenticated = (await AuthUtil.instance.getChatAuthState()).amazonQ === 'connected'
+        const authenticated = AuthUtil.instance.getAuthState() === 'connected'
         let authenticatingSessionID = ''
 
         if (authenticated) {
@@ -67,7 +68,7 @@ export function init(appContext: AmazonQAppInitContext) {
         messenger.sendAuthenticationUpdate(authenticated, [authenticatingSessionID])
     }, 500)
 
-    AuthUtil.instance.secondaryAuth.onDidChangeActiveConnection(() => {
+    AuthUtil.instance.onDidChangeConnectionState((e: auth2.AuthStateEvent) => {
         return debouncedEvent()
     })
     AuthUtil.instance.regionProfileManager.onDidChangeRegionProfile(() => {

packages/amazonq/src/app/amazonqScan/chat/controller/controller.ts

@@ -104,7 +104,7 @@ export class ScanController {
             telemetry.amazonq_feedback.emit({
                 featureId: 'amazonQReview',
                 amazonqConversationId: this.sessionStorage.getSession().scanUuid,
-                credentialStartUrl: AuthUtil.instance.startUrl,
+                credentialStartUrl: AuthUtil.instance.connection?.startUrl,
                 interactionType: data.vote,
             })
         })
@@ -122,8 +122,8 @@ export class ScanController {
         try {
             getLogger().debug(`Q - Review: Session created with id: ${session.tabID}`)
 
-            const authState = await AuthUtil.instance.getChatAuthState()
-            if (authState.amazonQ !== 'connected') {
+            const authState = AuthUtil.instance.getAuthState()
+            if (authState !== 'connected') {
                 void this.messenger.sendAuthNeededExceptionMessage(authState, tabID)
                 session.isAuthenticating = true
                 return
@@ -161,8 +161,8 @@ export class ScanController {
                 return
             }
             // check that the session is authenticated
-            const authState = await AuthUtil.instance.getChatAuthState()
-            if (authState.amazonQ !== 'connected') {
+            const authState = AuthUtil.instance.getAuthState()
+            if (authState !== 'connected') {
                 void this.messenger.sendAuthNeededExceptionMessage(authState, message.tabID)
                 session.isAuthenticating = true
                 return

packages/amazonq/src/app/amazonqScan/chat/controller/messenger/messenger.ts

@@ -10,7 +10,6 @@
 
 import { AuthFollowUpType, AuthMessageDataMap } from 'aws-core-vscode/amazonq'
 import {
-    FeatureAuthState,
     SecurityScanError,
     CodeWhispererConstants,
     SecurityScanStep,
@@ -34,6 +33,7 @@ import {
 import { i18n } from 'aws-core-vscode/shared'
 import { ScanAction, scanProgressMessage } from '../../../models/constants'
 import path from 'path'
+import { auth2 } from 'aws-core-vscode/auth'
 
 export type UnrecoverableErrorType = 'no-project-found' | 'no-open-file-found' | 'invalid-file-type'
 
@@ -78,19 +78,15 @@ export class Messenger {
         this.dispatcher.sendUpdatePromptProgress(new UpdatePromptProgressMessage(tabID, progressField))
     }
 
-    public async sendAuthNeededExceptionMessage(credentialState: FeatureAuthState, tabID: string) {
+    public async sendAuthNeededExceptionMessage(credentialState: auth2.AuthState, tabID: string) {
         let authType: AuthFollowUpType = 'full-auth'
         let message = AuthMessageDataMap[authType].message
 
-        switch (credentialState.amazonQ) {
-            case 'disconnected':
+        switch (credentialState) {
+            case 'notConnected':
                 authType = 'full-auth'
                 message = AuthMessageDataMap[authType].message
                 break
-            case 'unsupported':
-                authType = 'use-supported-auth'
-                message = AuthMessageDataMap[authType].message
-                break
             case 'expired':
                 authType = 're-auth'
                 message = AuthMessageDataMap[authType].message

packages/amazonq/src/inlineChat/provider/inlineChatProvider.ts

@@ -123,10 +123,8 @@ export class InlineChatProvider {
 
         const tabID = triggerEvent.tabID
 
-        const credentialsState = await AuthUtil.instance.getChatAuthState()
-        if (
-            !(credentialsState.codewhispererChat === 'connected' && credentialsState.codewhispererCore === 'connected')
-        ) {
+        const credentialsState = AuthUtil.instance.getAuthState()
+        if (credentialsState !== 'connected') {
             const { message } = extractAuthFollowUp(credentialsState)
             this.errorEmitter.fire()
             throw new ToolkitError(message)

packages/amazonq/src/lsp/activation.ts

@@ -6,7 +6,7 @@
 import vscode from 'vscode'
 import { clientId, encryptionKey, startLanguageServer } from './client'
 import { AmazonQLspInstaller } from './lspInstaller'
-import { lspSetupStage, ToolkitError } from 'aws-core-vscode/shared'
+import { lspSetupStage, ToolkitError, messages } from 'aws-core-vscode/shared'
 import { AuthUtil } from 'aws-core-vscode/codewhisperer'
 import { auth2 } from 'aws-core-vscode/auth'
 

packages/amazonq/src/lsp/chat/messages.ts

@@ -122,7 +122,7 @@ export function registerMessageListeners(
 
                 if (fullAuthTypes.includes(authType)) {
                     try {
-                        await AuthUtil.instance.secondaryAuth.deleteConnection()
+                        await AuthUtil.instance.logout()
                     } catch (e) {
                         languageClient.error(
                             `[VSCode Client] Failed to authenticate after AUTH_FOLLOW_UP_CLICKED: ${(e as Error).message}`

packages/amazonq/test/e2e/amazonq/utils/setup.ts

@@ -5,9 +5,9 @@
 import { AuthUtil } from 'aws-core-vscode/codewhisperer'
 
 export async function loginToIdC() {
-    const authState = await AuthUtil.instance.getChatAuthState()
+    const authState = AuthUtil.instance.getAuthState()
     if (process.env['AWS_TOOLKIT_AUTOMATION'] === 'local') {
-        if (authState.amazonQ !== 'connected') {
+        if (authState !== 'connected') {
             throw new Error('You will need to login manually before running tests.')
         }
         return
@@ -22,5 +22,5 @@ export async function loginToIdC() {
         )
     }
 
-    await AuthUtil.instance.connectToEnterpriseSso(startUrl, region)
+    await AuthUtil.instance.login(startUrl, region)
 }

packages/amazonq/test/unit/amazonq/lsp/chat/messages.test.ts

@@ -8,7 +8,7 @@ import { LanguageClient } from 'vscode-languageclient'
 import { AuthUtil } from 'aws-core-vscode/codewhisperer'
 import { registerMessageListeners } from '../../../../../src/lsp/chat/messages'
 import { AmazonQChatViewProvider } from '../../../../../src/lsp/chat/webviewProvider'
-import { secondaryAuth, authConnection, AuthFollowUpType } from 'aws-core-vscode/amazonq'
+import { AuthFollowUpType } from 'aws-core-vscode/amazonq'
 import { messages } from 'aws-core-vscode/shared'
 
 describe('registerMessageListeners', () => {
@@ -50,7 +50,7 @@ describe('registerMessageListeners', () => {
 
     describe('AUTH_FOLLOW_UP_CLICKED', () => {
         let mockAuthUtil: AuthUtil
-        let deleteConnectionStub: sinon.SinonStub
+        let logoutStub: sinon.SinonStub
         let reauthenticateStub: sinon.SinonStub
 
         const authFollowUpClickedCommand = 'authFollowUpClicked'
@@ -76,14 +76,12 @@ describe('registerMessageListeners', () => {
         }
 
         beforeEach(() => {
-            deleteConnectionStub = sandbox.stub().resolves()
             reauthenticateStub = sandbox.stub().resolves()
+            logoutStub = sandbox.stub().resolves()
 
             mockAuthUtil = {
                 reauthenticate: reauthenticateStub,
-                secondaryAuth: {
-                    deleteConnection: deleteConnectionStub,
-                } as unknown as secondaryAuth.SecondaryAuth<authConnection.Connection>,
+                logout: logoutStub,
             } as unknown as AuthUtil
 
             sandbox.replaceGetter(AuthUtil, 'instance', () => mockAuthUtil)
@@ -98,7 +96,7 @@ describe('registerMessageListeners', () => {
             })
 
             sinon.assert.calledOnce(reauthenticateStub)
-            sinon.assert.notCalled(deleteConnectionStub)
+            sinon.assert.notCalled(logoutStub)
         })
 
         it('handles full authentication request', async () => {
@@ -110,7 +108,7 @@ describe('registerMessageListeners', () => {
             })
 
             sinon.assert.notCalled(reauthenticateStub)
-            sinon.assert.calledOnce(deleteConnectionStub)
+            sinon.assert.calledOnce(logoutStub)
         })
 
         it('logs error if re-authentication fails', async () => {
@@ -124,7 +122,7 @@ describe('registerMessageListeners', () => {
         it('logs error if full authentication fails', async () => {
             await testFailure({
                 authType: 'full-auth',
-                stubToReject: deleteConnectionStub,
+                stubToReject: logoutStub,
                 errorMessage: 'Failed to authenticate',
             })
         })