Skip to content

telemetry(auth): emit metric for createToken #6115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rli merged 2 commits into from
Nov 21, 2025
+92 −19
Merged

telemetry(auth): emit metric for createToken #6115

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c9f2d37
telemetry(auth): emit metric for createToken
chungjac Nov 18, 2025
94fee61
adding httpStatusCode
chungjac Nov 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion gradle/libs.versions.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ mockitoKotlin = "5.4.1-SNAPSHOT"
mockk = "1.13.17"
nimbus-jose-jwt = "9.40"
node-gradle = "7.0.2"
telemetryGenerator = "1.0.329"
telemetryGenerator = "1.0.338"
testLogger = "4.0.0"
testRetry = "1.5.10"
# test-only; platform provides slf4j transitively at runtime
Expand Down
67 changes: 57 additions & 10 deletions ...munity/src/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProvider.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import com.intellij.openapi.progress.ProgressManager
import com.intellij.openapi.util.registry.Registry
import software.amazon.awssdk.auth.token.credentials.SdkTokenProvider
import software.amazon.awssdk.awscore.exception.AwsServiceException
import software.amazon.awssdk.core.exception.SdkServiceException
import software.amazon.awssdk.services.ssooidc.SsoOidcClient
import software.amazon.awssdk.services.ssooidc.model.AuthorizationPendingException
import software.amazon.awssdk.services.ssooidc.model.CreateTokenResponse
Expand Down Expand Up @@ -338,11 +339,34 @@ class SsoAccessTokenProvider(
throw ProcessCanceledException(IllegalStateException("Login canceled by user"))
}

val tokenResponse = client.createToken {
it.clientId(registration.clientId)
it.clientSecret(registration.clientSecret)
it.grantType(DEVICE_GRANT_TYPE)
it.deviceCode(authorization.deviceCode)
val startTime = clock.instant()
Copy link
Contributor

@rli rli Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's use OTel for new metrics

Telemetry.auth.ssoTokenOperation { metric ->
    try {
        client.createToken {...}
        metric.grantType(...)
        // duration should be automatically calculated
    } catch (e: Exception) {
        metric.httpStatusCode(...)
        // reason/reasonDesc should be automatically populated but confirm
        throw e
    }
}

val tokenResponse = try {
client.createToken {
it.clientId(registration.clientId)
it.clientSecret(registration.clientSecret)
it.grantType(DEVICE_GRANT_TYPE)
it.deviceCode(authorization.deviceCode)
}.also {
val duration = Duration.between(startTime, clock.instant()).toMillis().toDouble()
AuthTelemetry.ssoTokenOperation(
result = Result.Succeeded,
grantType = DEVICE_GRANT_TYPE,
duration = duration
)
LOG.info { "SSO token operation succeeded: grantType=$DEVICE_GRANT_TYPE, duration=${duration}ms" }
}
} catch (e: Exception) {
val duration = Duration.between(startTime, clock.instant()).toMillis().toDouble()
AuthTelemetry.ssoTokenOperation(
result = Result.Failed,
grantType = DEVICE_GRANT_TYPE,
duration = duration,
reason = e::class.simpleName,
reasonDesc = e.message?.let { scrubNames(it) },
httpStatusCode = (e as? SdkServiceException)?.statusCode()?.toString()
)
LOG.warn { "SSO token operation failed: grantType=$DEVICE_GRANT_TYPE, duration=${duration}ms, error=${e::class.simpleName}" }
throw e
}

onPendingToken.tokenRetrieved()
Expand Down Expand Up @@ -459,11 +483,34 @@ class SsoAccessTokenProvider(

stageName = RefreshCredentialStage.CREATE_TOKEN
try {
val newToken = client.createToken {
it.clientId(registration.clientId)
it.clientSecret(registration.clientSecret)
it.grantType(REFRESH_GRANT_TYPE)
it.refreshToken(currentToken.refreshToken)
val startTime = clock.instant()
val newToken = try {
client.createToken {
it.clientId(registration.clientId)
it.clientSecret(registration.clientSecret)
it.grantType(REFRESH_GRANT_TYPE)
it.refreshToken(currentToken.refreshToken)
}.also {
val duration = Duration.between(startTime, clock.instant()).toMillis().toDouble()
AuthTelemetry.ssoTokenOperation(
result = Result.Succeeded,
grantType = REFRESH_GRANT_TYPE,
duration = duration
)
LOG.info { "SSO token operation succeeded: grantType=$REFRESH_GRANT_TYPE, duration=${duration}ms" }
}
} catch (e: Exception) {
val duration = Duration.between(startTime, clock.instant()).toMillis().toDouble()
AuthTelemetry.ssoTokenOperation(
result = Result.Failed,
grantType = REFRESH_GRANT_TYPE,
duration = duration,
reason = e::class.simpleName,
reasonDesc = e.message?.let { scrubNames(it) },
httpStatusCode = (e as? SdkServiceException)?.statusCode()?.toString()
)
LOG.warn { "SSO token operation failed: grantType=$REFRESH_GRANT_TYPE, duration=${duration}ms, error=${e::class.simpleName}" }
throw e
}

stageName = RefreshCredentialStage.GET_TOKEN_DETAILS
Expand Down
42 changes: 34 additions & 8 deletions ...nity/src/software/aws/toolkits/jetbrains/core/credentials/sso/pkce/ToolkitOAuthService.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import io.netty.handler.codec.http.QueryStringDecoder
import org.jetbrains.ide.BuiltInServerManager
import org.jetbrains.ide.RestService
import org.jetbrains.io.response
import software.amazon.awssdk.core.exception.SdkServiceException
import software.amazon.awssdk.regions.Region
import software.amazon.awssdk.services.ssooidc.endpoints.SsoOidcEndpointParams
import software.amazon.awssdk.services.ssooidc.endpoints.internal.DefaultSsoOidcEndpointProvider
Expand All @@ -32,10 +33,13 @@ import software.aws.toolkits.jetbrains.core.credentials.sso.PKCEAuthorizationGra
import software.aws.toolkits.jetbrains.core.credentials.sso.PKCEClientRegistration
import software.aws.toolkits.jetbrains.core.credentials.sso.bearer.buildUnmanagedSsoOidcClient
import software.aws.toolkits.jetbrains.core.gettingstarted.editor.SourceOfEntry
import software.aws.toolkits.jetbrains.services.telemetry.scrubNames
import software.aws.toolkits.resources.AwsCoreBundle
import software.aws.toolkits.telemetry.AuthTelemetry
import software.aws.toolkits.telemetry.AuthType
import software.aws.toolkits.telemetry.AwsTelemetry
import software.aws.toolkits.telemetry.MetricResult
import software.aws.toolkits.telemetry.Result
import java.math.BigInteger
import java.time.Instant
import java.util.Base64
Expand Down Expand Up @@ -149,15 +153,37 @@ internal class ToolkitOauthCredentialsAcquirer(
private val redirectUri: String,
) : OAuthCredentialsAcquirer<AccessToken> {
override fun acquireCredentials(code: String): OAuthCredentialsAcquirer.AcquireCredentialsResult<AccessToken> {
val token = buildUnmanagedSsoOidcClient(registration.region).use { client ->
client.createToken {
it.clientId(registration.clientId)
it.clientSecret(registration.clientSecret)
it.grantType("authorization_code")
it.redirectUri(redirectUri)
it.codeVerifier(codeVerifier)
it.code(code)
val grantType = "authorization_code"
val startTime = Instant.now()
val token = try {
buildUnmanagedSsoOidcClient(registration.region).use { client ->
client.createToken {
it.clientId(registration.clientId)
it.clientSecret(registration.clientSecret)
it.grantType(grantType)
it.redirectUri(redirectUri)
it.codeVerifier(codeVerifier)
it.code(code)
}.also {
val duration = java.time.Duration.between(startTime, Instant.now()).toMillis().toDouble()
AuthTelemetry.ssoTokenOperation(
result = Result.Succeeded,
grantType = grantType,
duration = duration
)
}
}
} catch (e: Exception) {
val duration = java.time.Duration.between(startTime, Instant.now()).toMillis().toDouble()
AuthTelemetry.ssoTokenOperation(
result = Result.Failed,
grantType = grantType,
duration = duration,
reason = e::class.simpleName,
reasonDesc = e.message?.let { scrubNames(it) },
httpStatusCode = (e as? SdkServiceException)?.statusCode()?.toString()
)
throw e
}

return OAuthCredentialsAcquirer.AcquireCredentialsResult.Success(
Expand Down
Loading