Skip to content

feat(auth): add IAM credentials LSP requests to AuthUtils and auth2 #7507

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 68 commits into
base: feature/flare-mega
Choose a base branch
from
Open

feat(auth): add IAM credentials LSP requests to AuthUtils and auth2 #7507

wants to merge 68 commits into from

Conversation

liramon1
Copy link
Contributor

@liramon1 liramon1 commented Jun 17, 2025
edited by yuxianrz
Loading

Problem

The authentication flow does not make requests to IAM credentials endpoints on Flare and does not provide places for clients to input long-term IAM credentials or STS credentials.

Solution

  • Add IAM and STS credentials options to LanguageClientAuth requests
  • Add IAM credentials option and form to webview
  • Modify AuthUtils to switch between SsoLogin and IamLogin strategies
  • Modify clients to support IAM and STS credentials
  • Add IAM and STS credentials unit tests

This feature is split into multiple PRs (in order):

  1. feat(auth): add support for IAM profile management and flare endpoints #7659
  2. feat(auth): add STS credential management #7661

Meanwhile, we are making changes to language-servers and language-server-runtimes such that authentication for IAM credentials can happen on Flare side.

Tests will work with this version of language-server-runtimes:
https://github.com/liramon1/language-server-runtimes/tree/feature/flare-iam

and this version of language-servers:
https://github.com/liramon1/language-servers/tree/liramon/flare-iam

Please reference these when reviewing our work

License

I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions GitHub Actions
Copy link

  • This pull request implements a feat or fix, so it must include a changelog entry (unless the fix is for an unreleased feature). Review the changelog guidelines.
    • Note: beta or "experiment" features that have active users should announce fixes in the changelog.
    • If this is not a feature or fix, use an appropriate type from the title guidelines. For example, telemetry-only changes should use the telemetry type.

liramon1 and others added 17 commits June 17, 2025 16:08
@liramon1
undo unnecessary changes
eb3526a
@liramon1
undo more unnecessary changes
849006b
@liramon1
fix logout bug
1968d41
@liramon1
Fix bug where profile failed to be retrieved after signing out and ba…
06c5ad8 
…ck in
@liramon1
Fix region profile selector not triggering
60ffc92
@liramon1
Add support for IAM credentials to region profile manager
e1cfdc3
@yuxianrz
feat: remember iam access key
422d085
@liramon1
Revert unnecessary region profile changes
424a1af
@liramon1
Add limited IAM support for inline chat
9dbe490
@liramon1
Revert CredentialChangedKind for backwards compatibility
f044eb6
@yuxianrz
fix: fix missing autofill after disabling extension
7506ecc
@liramon1
Re-add session restore for IAM
ce07bd2
@liramon1
Add session token input to login flow
4d2b8b0
@liramon1
Add session tokens to auth2 logic
5830716
@liramon1
Replace profile deletion with iam invalidation
ef3745b
@liramon1
Rename loginOnInvalidToken
1ec8508
@liramon1
Rename getIamCredential options
0382876
This was referenced Jul 14, 2025
Open
Open
@yuxianrz yuxianrz marked this pull request as ready for review July 14, 2025 18:33
@yuxianrz yuxianrz requested review from a team as code owners July 14, 2025 18:33
liramon1 and others added 22 commits July 14, 2025 16:24
@liramon1
Add MFA code request handler
a6d98d3
@yuxianrz
add iam and sts unit tests
7284196
@liramon1
Fix getMfaCode request handler types
d8fdb25
@liramon1
Merge branch 'feature/flare-iam' of github.com:liramon1/aws-toolkit-v…
e71ac60 
…scode into feature/flare-iam
@liramon1
Naming changes
5acb15e
@liramon1
Use toolkit MFA prompt in Q
77eb916
@yuxianrz
disable inline chat for iam login
8bf21d9
@liramon1
fix: sync changes with iam-credentials PR
ddf6866
@liramon1
Merge branch 'feature/flare-iam' of github.com:liramon1/aws-toolkit-v…
7c920b1 
…scode into feature/flare-iam
@yuxianrz
revert unused change to connectionMetaData
01da622
@yuxianrz
fix auth2 unit test
2e4f529
@yuxianrz
fix chat-client-ui-types, runtimes and runtime types version
6cbe195
@liramon1
Decouple profile name from iamCredentialId
c78d9ee
@liramon1
Merge branch 'feature/flare-iam' of github.com:liramon1/aws-toolkit-v…
4a7a90a 
…scode into feature/flare-iam
@liramon1
fix: fix unit test
aefd659
@liramon1
Fix error message typo
cefbb7c
@yuxianrz
fix eslint and update package.json
38dadca
@yuxianrz
Merge branch 'feature/flare-iam' of github.com:liramon1/aws-toolkit-v…
0a052ad 
…scode into feature/flare-iam
@yuxianrz
emit telemetry for auth_iamOptionClick
7fe8fcc
@yuxianrz
fix eslint problems
5bfe0bf
@yuxianrz
fix emitIamClick according to new auth_signInOptionClcik
dfcc0b0
@yuxianrz
add credentialType to iam telemetry metadata and fix emitIamClick
ef56385
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@liramon1 liramon1

@yuxianrz yuxianrz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@liramon1 @yuxianrz