Adds authentication support for the extension in playground environme…

…nts (stateful#1759) Adds authentication support for the extension in playground environments, integrating cloud token validation and enabling token retrieval from callback URLs dispatched by the cloud. Key changes include: - **Auth Token Handling:** Simplified by removing unused refresh token logic, as the access-token has an extended lifespan. - **Load from Secrets:** An instance method now checks tokens against playground secrets, using the cloud endpoint for validation. - **Callback Integration:** Supports token recovery from cloud callback URLs, enhancing seamless access when the user is already Authenticated in the Cloud. --------- Co-authored-by: Sebastian Tiedtke <sebastiantiedtke@gmail.com>
hotpocket · Nov 5, 2024 · f0525a6 · f0525a6
1 parent c8cb5e7
commit f0525a6
Show file tree

Hide file tree

Showing 9 changed files with 299 additions and 120 deletions.
diff --git a/.gitignore b/.gitignore
@@ -18,3 +18,4 @@ examples/.vscode
 assets
 .venv
 **/*-01*.md
+secrets
diff --git a/.vscodeignore b/.vscodeignore
@@ -18,3 +18,4 @@ tests
 coverage
 dagger
 dagger.json
+secrets
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -966,11 +966,6 @@
             "default": true,
             "markdownDescription": "If set to `true` enables Stateful Authentication Provider"
           },
-          "runme.aiBaseURL": {
-            "type": "string",
-            "default": "http://localhost:8877/api",
-            "description": "The base URL of the AI service."
-          },
           "runme.serializerAddress": {
             "type": "string",
             "default": "http://localhost:1234/connect",
@@ -981,6 +976,20 @@
             "scope": "window",
             "default": "https://docs.runme.dev",
             "markdownDescription": "Documentation Base URL"
+          },
+          "runme.app.authTokenPath": {
+            "type": "string",
+            "markdownDescription": "Specifies the path to an auth token file to bootstrap a Stateful auth session"
+          },
+          "runme.app.deleteAuthToken": {
+            "type": "boolean",
+            "default": true,
+            "markdownDescription": "If set to `true`, the auth token file will be deleted after the session ends"
+          },
+          "runme.aiBaseURL": {
+            "type": "string",
+            "default": "http://localhost:8877/api",
+            "description": "The base URL of the AI service."
           }
         }
       }
@@ -1231,6 +1240,7 @@
     "@graphql-codegen/client-preset": "^4.4.0",
     "@graphql-codegen/typescript": "4.1.0",
     "@octokit/rest": "^19.0.13",
+    "@types/jsonwebtoken": "^9.0.7",
     "@types/node": "^20.17.2",
     "@types/node-fetch": "^2.6.11",
     "@types/semver": "^7.5.8",
@@ -1312,6 +1322,7 @@
     "got": "^11.8.2",
     "graphql": "^16.8.0",
     "jsonc-parser": "^3.2.1",
+    "jsonwebtoken": "^9.0.2",
     "lit": "^3.2.1",
     "octokit": "^4.0.2",
     "simple-git": "^3.27.0",

diff --git a/src/extension/extension.ts b/src/extension/extension.ts
@@ -18,7 +18,6 @@ import { NotebookUiEvent, Serializer, SyncSchema, FeatureName } from '../types'
 import {
   getDocsUrlFor,
   getForceNewWindowConfig,
-  getRunmeAppUrl,
   getServerRunnerVersion,
   getSessionOutputs,
   getServerLifecycleIdentity,
@@ -474,31 +473,30 @@ export class RunmeExtension {
     }
 
     if (kernel.isFeatureOn(FeatureName.RequireStatefulAuth)) {
-      const forceLogin = kernel.isFeatureOn(FeatureName.ForceLogin)
-      context.subscriptions.push(new StatefulAuthProvider(context, uriHandler))
+      const statefulAuthProvider = new StatefulAuthProvider(context, uriHandler)
+      context.subscriptions.push(statefulAuthProvider)
+
+      const session = await getPlatformAuthSession(false, true)
+      let sessionFromToken = false
+      if (!session) {
+        sessionFromToken = await statefulAuthProvider.bootstrapFromToken()
+      }
+
+      const forceLogin = kernel.isFeatureOn(FeatureName.ForceLogin) || sessionFromToken
       const silent = forceLogin ? undefined : true
 
       getPlatformAuthSession(forceLogin, silent)
         .then((session) => {
           if (session) {
-            const openDashboardStr = 'Open Dashboard'
-            window
-              .showInformationMessage('Logged into the Stateful Platform', openDashboardStr)
-              .then((answer) => {
-                if (answer === openDashboardStr) {
-                  const dashboardUri = getRunmeAppUrl(['app'])
-                  const uri = Uri.parse(dashboardUri)
-                  env.openExternal(uri)
-                }
-              })
+            statefulAuthProvider.showLoginNotification()
           }
         })
         .catch((error) => {
           let message
           if (error instanceof Error) {
             message = error.message
           } else {
-            message = String(error)
+            message = JSON.stringify(error)
           }
 
           // https://github.com/microsoft/vscode/blob/main/src/vs/workbench/api/browser/mainThreadAuthentication.ts#L238
-Original file line number
+Diff line change
@@ Expand Up / @@ -18,3 +18,4 @@ examples/.vscode @@
     assets
     .venv
     **/*-01*.md
+    secrets