feat(auth): add IAM credentials LSP requests to AuthUtils and auth2 #7507

liramon1 · 2025-06-17T19:08:52Z

Problem

The authentication flow does not make requests to IAM credentials endpoints on Flare and does not provide places for clients to input long-term IAM credentials or STS credentials.

Solution

Add IAM and STS credentials options to LanguageClientAuth requests
Add IAM credentials option and form to webview
Modify AuthUtils to switch between SsoLogin and IamLogin strategies
Modify clients to support IAM and STS credentials
Add IAM and STS credentials unit tests

This feature is split into multiple PRs (in order):

Meanwhile, we are making changes to language-servers and language-server-runtimes such that authentication for IAM credentials can happen on Flare side.

Tests will work with this version of language-server-runtimes:
https://github.com/liramon1/language-server-runtimes/tree/feature/flare-iam

and this version of language-servers:
https://github.com/liramon1/language-servers/tree/liramon/flare-iam

Please reference these when reviewing our work

License

I confirm that my contribution is made under the terms of the Apache 2.0 license.

…/flare-iam

github-actions · 2025-06-17T19:10:37Z

This pull request implements a feat or fix, so it must include a changelog entry (unless the fix is for an unreleased feature). Review the changelog guidelines.
- Note: beta or "experiment" features that have active users should announce fixes in the changelog.
- If this is not a feature or fix, use an appropriate type from the title guidelines. For example, telemetry-only changes should use the telemetry type.

…ck in

…scode into feature/flare-iam

#7659) ## Problem The webview does not support IAM credentials input and endpoint to LSP does not support IAM credentials and IAM profiles. ## Solution This is part of #7507. - Add IAM credentials option and form to webview - Modify AuthUtils to switch between SsoLogin and IamLogin strategies - Add startIamCredentialSetup in backend_amazonq Meanwhile, we are making changes to language-servers and language-server-runtimes such that authentication for IAM credentials can happen on Flare side. working branches: https://github.com/liramon1/language-server-runtimes/tree/feature/flare-iam https://github.com/liramon1/language-servers/tree/liramon/flare-iam Current PR built upon flare-mega branch and is working to merge with flare-mega branch. This PR fails a web test that flare-mega branch is also failing, at the same place. --- - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.

liramon1 and others added 10 commits June 5, 2025 17:24

Add webviews for Amazon Q IAM credentials option and form

ab47a46

Implement IAM setup function

eeebd0b

Make AuthUtils session switch between SsoLogin, IamLogin, and undefined

61c1138

Start implementing IamLogin class

146a95f

Remove iamSessions from profiles

eb0be34

Implement updateIamProfile and change STS references to IAM

a241b1c

Implement _getIamCredential and its callers

e923bad

fix(amazonq): delete iam profile when logout

2dabb43

start modifying auth2 consumers

ff181f4

Merge remote-tracking branch 'origin/feature/flare-mega' into feature…

f61bcee

…/flare-iam

liramon1 assigned liramon1 and yuxianrz Jun 17, 2025

liramon1 and others added 17 commits June 17, 2025 16:08

undo unnecessary changes

eb3526a

undo more unnecessary changes

849006b

fix logout bug

1968d41

Fix bug where profile failed to be retrieved after signing out and ba…

06c5ad8

…ck in

Fix region profile selector not triggering

60ffc92

Add support for IAM credentials to region profile manager

e1cfdc3

feat: remember iam access key

422d085

Revert unnecessary region profile changes

424a1af

Add limited IAM support for inline chat

9dbe490

Revert CredentialChangedKind for backwards compatibility

f044eb6

fix: fix missing autofill after disabling extension

7506ecc

Re-add session restore for IAM

ce07bd2

Add session token input to login flow

4d2b8b0

Add session tokens to auth2 logic

5830716

Replace profile deletion with iam invalidation

ef3745b

Rename loginOnInvalidToken

1ec8508

Rename getIamCredential options

0382876

yuxianrz and others added 29 commits July 15, 2025 10:55

add iam and sts unit tests

7284196

Fix getMfaCode request handler types

d8fdb25

Merge branch 'feature/flare-iam' of github.com:liramon1/aws-toolkit-v…

e71ac60

…scode into feature/flare-iam

Naming changes

5acb15e

Use toolkit MFA prompt in Q

77eb916

disable inline chat for iam login

8bf21d9

fix: sync changes with iam-credentials PR

ddf6866

Merge branch 'feature/flare-iam' of github.com:liramon1/aws-toolkit-v…

7c920b1

…scode into feature/flare-iam

revert unused change to connectionMetaData

01da622

fix auth2 unit test

2e4f529

fix chat-client-ui-types, runtimes and runtime types version

6cbe195

Decouple profile name from iamCredentialId

c78d9ee

Merge branch 'feature/flare-iam' of github.com:liramon1/aws-toolkit-v…

4a7a90a

…scode into feature/flare-iam

fix: fix unit test

aefd659

Fix error message typo

cefbb7c

fix eslint and update package.json

38dadca

Merge branch 'feature/flare-iam' of github.com:liramon1/aws-toolkit-v…

0a052ad

…scode into feature/flare-iam

emit telemetry for auth_iamOptionClick

7fe8fcc

fix eslint problems

5bfe0bf

fix emitIamClick according to new auth_signInOptionClcik

dfcc0b0

add credentialType to iam telemetry metadata and fix emitIamClick

ef56385

send telemetry when attempts to use inline chat with IAM auth

1b28bf8

change login_sso and login_iam, fix auth2.ts

c4acf81

fix incorrect connection message

9826566

feat: enable mfa serial input in pop up window

0948746

fix: wrong prompt for mfa serial input

af80c9d

fix: debug telemetry

6989096

Move MFA handler to auth2

88eb779

Move auth2 encryption to LanguageClientAuth

b51ea11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(auth): add IAM credentials LSP requests to AuthUtils and auth2 #7507

feat(auth): add IAM credentials LSP requests to AuthUtils and auth2 #7507

Uh oh!

liramon1 commented Jun 17, 2025 •

edited by yuxianrz

Loading

Uh oh!

github-actions bot commented Jun 17, 2025

Uh oh!

Uh oh!

feat(auth): add IAM credentials LSP requests to AuthUtils and auth2 #7507

Are you sure you want to change the base?

feat(auth): add IAM credentials LSP requests to AuthUtils and auth2 #7507

Uh oh!

Conversation

liramon1 commented Jun 17, 2025 • edited by yuxianrz Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Problem

Solution

License

Uh oh!

github-actions bot commented Jun 17, 2025

Uh oh!

Uh oh!

liramon1 commented Jun 17, 2025 •

edited by yuxianrz

Loading