🐛 handle creds better in solution server (konveyor#799)

Fixes konveyor#798 

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added a dedicated sign-in step (authenticate) to store credentials
before connecting.
* Connections can use an existing bearer token; tokens are exchanged and
refreshed automatically.
* VS Code: entering credentials triggers a solution server restart to
apply them.

* **Bug Fixes**
* More reliable reconnect/refresh handling that stops after failed
attempts.
  * Clear error when connecting without prior sign-in.
* Authentication-disabled mode now clears auth state and behaves
correctly.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Signed-off-by: David Zager <david.j.zager@gmail.com>

Author: djzager

agentic/src/clients/solutionServerClient.ts

@@ -106,7 +106,27 @@ export class SolutionServerClient {
     this.logger.info("Solution server configuration updated");
   }
 
-  public async connect(username?: string, password?: string): Promise<void> {
+  public async authenticate(username: string, password: string): Promise<void> {
+    if (!this.enabled) {
+      this.logger.info("Solution server is disabled, skipping authentication");
+      return;
+    }
+
+    if (!this.authEnabled) {
+      this.logger.info("Authentication is disabled");
+      return;
+    }
+
+    if (!username || !password) {
+      throw new SolutionServerClientError("No username or password provided");
+    }
+
+    this.username = username;
+    this.password = password;
+    this.logger.info("Credentials stored for authentication");
+  }
+
+  public async connect(): Promise<void> {
     if (!this.enabled) {
       this.logger.info("Solution server is disabled, skipping connection");
       return;
@@ -117,24 +137,24 @@ export class SolutionServerClient {
       this.sslBypassCleanup = this.applySSLBypass();
     }
 
+    // Handle authentication if required
     if (this.authEnabled) {
-      if (!username || !password) {
-        throw new SolutionServerClientError("No username or password provided");
+      // Only require credentials if we don't yet have a token
+      if (!this.bearerToken && (!this.username || !this.password)) {
+        throw new SolutionServerClientError("No credentials available. Call authenticate() first.");
       }
-      this.username = username;
-      this.password = password;
-
-      // Always get fresh tokens on startup/connect
-      try {
-        if (!this.bearerToken) {
+      // Exchange for tokens if we don't have one
+      if (!this.bearerToken) {
+        try {
           await this.exchangeForTokens();
+        } catch (error) {
+          this.logger.error("Failed to exchange for tokens", error);
+          throw error;
         }
-        this.startTokenRefreshTimer();
-      } catch (error) {
-        this.logger.error("Failed to exchange for tokens", error);
-        await this.disconnect();
-        return;
       }
+
+      // Ensure refresh timer is running (also after manual restarts)
+      this.startTokenRefreshTimer();
     }
 
     this.mcpClient = new Client(
@@ -803,11 +823,6 @@ export class SolutionServerClient {
       return;
     }
 
-    if (!this.username || !this.password) {
-      this.logger.warn("No auth config available for token refresh");
-      return;
-    }
-
     const url = new URL(this.serverUrl);
     const keycloakUrl = `${url.protocol}//${url.host}/auth`;
     const tokenUrl = `${keycloakUrl}/realms/${this.realm}/protocol/openid-connect/token`;
@@ -856,8 +871,7 @@ export class SolutionServerClient {
           this.logger.error("Error reconnecting to MCP solution server", error);
         }
       }
-
-      // Restart the refresh timer
+      // Always restart the refresh timer
       this.startTokenRefreshTimer();
     } catch (error) {
       this.logger.error("Token refresh failed", error);

vscode/src/commands.ts

@@ -36,8 +36,6 @@ import {
   getTraceDir,
   getConfigSolutionServerAuth,
   fileUriToPath,
-  updateSolutionServerConfig,
-  getConfigSolutionServer,
 } from "./utilities/configuration";
 import { EXTENSION_NAME } from "./utilities/constants";
 import { promptForCredentials } from "./utilities/auth";
@@ -792,13 +790,11 @@ const commandsMap: (
         return;
       }
 
-      await updateSolutionServerConfig({
-        auth: {
-          ...getConfigSolutionServer().auth,
-          ...credentials,
-        },
-      });
+      // Update the solution server client with new credentials
+      // (credentials are already stored by promptForCredentials)
+      await state.solutionServerClient.authenticate(credentials.username, credentials.password);
 
+      // Restart the connection with new credentials
       await executeExtensionCommand("restartSolutionServer");
       logger.info("Solution server credentials updated successfully.");
     },

vscode/src/extension.ts

@@ -613,7 +613,8 @@ class VsCodeExtension {
     }
 
     this.state.solutionServerClient
-      .connect(username, password)
+      .authenticate(username, password)
+      .then(() => this.state.solutionServerClient.connect())
       .then(() => {
         // Update state to reflect successful connection
         this.state.mutateData((draft) => {