Implement the old token auth method (#2769)

Author: jonkeane

CHANGELOG.md

@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Added endpoints for performing OAuth Device Authorization Grant with Posit Cloud login. (#2692)
 - Added support to publishing schema for Connect Cloud. (#2729, #2747)
+- Added support for one-click token authentication with Connect. (#2769)
 
 ### Changed
 

extensions/vscode/src/api/resources/Credentials.test.ts

@@ -0,0 +1,107 @@
+// Copyright (C) 2025 by Posit Software, PBC.
+
+import { describe, expect, test, vi, beforeEach } from "vitest";
+import { AxiosInstance } from "axios";
+import { Credentials } from "./Credentials";
+import { ServerType } from "../types/contentRecords";
+
+// Simple mock for the axios client
+const mockAxiosPost = vi.fn();
+const mockAxiosClient = {
+  post: mockAxiosPost,
+  get: vi.fn(),
+  delete: vi.fn(),
+};
+
+describe("Credentials API client", () => {
+  let credentials: Credentials;
+
+  beforeEach(() => {
+    // Reset mocks before each test
+    vi.clearAllMocks();
+    credentials = new Credentials(mockAxiosClient as unknown as AxiosInstance);
+  });
+
+  test("create supports token authentication parameters", async () => {
+    // Setup mock response
+    mockAxiosPost.mockResolvedValue({ data: { guid: "test-guid" } });
+
+    // Call create with token parameters
+    await credentials.create(
+      "Test Credential",
+      "https://connect.example.com",
+      "",
+      "",
+      "",
+      "",
+      "",
+      "",
+      ServerType.CONNECT,
+      "test-token-123",
+      "test-private-key-123",
+    );
+
+    // Verify correct parameters were passed to axios post
+    expect(mockAxiosPost).toHaveBeenCalledWith(
+      "credentials",
+      {
+        name: "Test Credential",
+        url: "https://connect.example.com",
+        apiKey: "",
+        snowflakeConnection: "",
+        accountId: "",
+        accountName: "",
+        refreshToken: "",
+        accessToken: "",
+        serverType: ServerType.CONNECT,
+        token: "test-token-123",
+        privateKey: "test-private-key-123",
+      },
+      {
+        headers: {
+          "Connect-Cloud-Environment": "production",
+        },
+      },
+    );
+  });
+
+  test("generateToken calls the correct endpoint with server URL", async () => {
+    // Setup mock response
+    mockAxiosPost.mockResolvedValue({
+      data: {
+        token: "test-token-123",
+        claimUrl: "https://connect.example.com/claim/123",
+        privateKey: "test-private-key-123",
+      },
+    });
+
+    // Call generateToken
+    await credentials.generateToken("https://connect.example.com");
+
+    // Verify correct parameters were passed to axios post
+    expect(mockAxiosPost).toHaveBeenCalledWith("connect/token", {
+      serverUrl: "https://connect.example.com",
+    });
+  });
+
+  test("verifyToken calls the correct endpoint with token parameters", async () => {
+    // Setup mock response
+    mockAxiosPost.mockResolvedValue({
+      data: { username: "testuser", guid: "user-123" },
+    });
+
+    // Call verifyToken
+    await credentials.verifyToken(
+      "https://connect.example.com",
+      "test-token-123",
+      "test-private-key-123",
+    );
+
+    // Verify correct parameters were passed to axios post
+    expect(mockAxiosPost).toHaveBeenCalledWith("connect/token/user", {
+      serverUrl: "https://connect.example.com",
+      token: "test-token-123",
+      privateKey: "test-private-key-123",
+    });
+  });
+});

extensions/vscode/src/api/resources/Credentials.ts

@@ -34,6 +34,8 @@ export class Credentials {
     refreshToken: string,
     accessToken: string,
     serverType: ServerType,
+    token?: string,
+    privateKey?: string,
   ) {
     return this.client.post<Credential>(
       `credentials`,
@@ -47,6 +49,8 @@ export class Credentials {
         refreshToken,
         accessToken,
         serverType,
+        token,
+        privateKey,
       },
       { headers: CONNECT_CLOUD_ENV_HEADER },
     );
@@ -92,4 +96,30 @@ export class Credentials {
       insecure,
     });
   }
+
+  // Generates a new token for Connect authentication
+  // Returns token ID, claim URL, and private key
+  generateToken(serverUrl: string) {
+    return this.client.post<{
+      token: string;
+      claimUrl: string;
+      privateKey: string;
+    }>(`connect/token`, {
+      serverUrl,
+    });
+  }
+
+  // Verifies if a token has been claimed
+  // Returns the user information if the token has been claimed
+  verifyToken(serverUrl: string, token: string, privateKey: string) {
+    return this.client.post<{
+      username?: string;
+      guid?: string;
+      [key: string]: unknown;
+    }>(`connect/token/user`, {
+      serverUrl,
+      token,
+      privateKey,
+    });
+  }
 }

extensions/vscode/src/auth/ConnectAuthTokenActivator.test.ts

@@ -0,0 +1,200 @@
+// Copyright (C) 2025 by Posit Software, PBC.
+
+import { describe, expect, test, vi, beforeEach } from "vitest";
+import { window, env } from "vscode";
+import { ConnectAuthTokenActivator } from "./ConnectAuthTokenActivator";
+import { useApi } from "src/api";
+
+// Mock dependencies
+vi.mock("vscode", () => ({
+  window: {
+    createOutputChannel: vi.fn(() => ({
+      appendLine: vi.fn(),
+    })),
+    showInformationMessage: vi.fn(),
+    showErrorMessage: vi.fn(),
+  },
+  Uri: {
+    parse: vi.fn(),
+  },
+  env: {
+    openExternal: vi.fn(),
+  },
+}));
+
+vi.mock("src/api", () => ({
+  useApi: vi.fn(),
+}));
+
+vi.mock("src/utils/progress", () => ({
+  showProgress: vi.fn((_, __, callback) => callback()),
+}));
+
+vi.mock("src/utils/errors", () => ({
+  getMessageFromError: vi.fn((error) => error?.message || "Unknown error"),
+}));
+
+// Type guards for mocked functions
+const mockUseApi = vi.mocked(useApi);
+const mockShowInformationMessage = vi.mocked(window.showInformationMessage);
+const mockShowErrorMessage = vi.mocked(window.showErrorMessage);
+const mockOpenExternal = vi.mocked(env.openExternal);
+
+describe("ConnectAuthTokenActivator", () => {
+  let activator: ConnectAuthTokenActivator;
+  let mockApi: {
+    credentials: {
+      generateToken: ReturnType<typeof vi.fn>;
+      verifyToken: ReturnType<typeof vi.fn>;
+    };
+  };
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+
+    mockApi = {
+      credentials: {
+        generateToken: vi.fn(),
+        verifyToken: vi.fn(),
+      },
+    };
+    mockUseApi.mockResolvedValue(
+      mockApi as unknown as Awaited<ReturnType<typeof useApi>>,
+    );
+
+    activator = new ConnectAuthTokenActivator(
+      "https://connect.example.com",
+      "test-view-id",
+    );
+  });
+
+  test("constructor initializes properties correctly", () => {
+    expect(activator).toBeDefined();
+  });
+
+  test("initialize() calls useApi and sets up the API client", async () => {
+    await activator.initialize();
+    expect(mockUseApi).toHaveBeenCalledOnce();
+  });
+
+  test("activateToken() completes the full token authentication flow", async () => {
+    // Setup mocks
+    mockApi.credentials.generateToken.mockResolvedValue({
+      data: {
+        token: "test-token-123",
+        claimUrl: "https://connect.example.com/claim/123",
+        privateKey: "test-private-key-123",
+      },
+    });
+
+    mockApi.credentials.verifyToken.mockResolvedValue({
+      status: 200,
+      data: { username: "testuser" },
+    });
+
+    // Initialize and run
+    await activator.initialize();
+    const result = await activator.activateToken();
+
+    // Verify the flow
+    expect(mockApi.credentials.generateToken).toHaveBeenCalledWith(
+      "https://connect.example.com",
+    );
+    expect(mockOpenExternal).toHaveBeenCalledWith(
+      expect.objectContaining({}), // Uri.parse result
+    );
+    expect(mockApi.credentials.verifyToken).toHaveBeenCalledWith(
+      "https://connect.example.com",
+      "test-token-123",
+      "test-private-key-123",
+    );
+    expect(mockShowInformationMessage).toHaveBeenCalledWith(
+      "Successfully authenticated as testuser",
+    );
+
+    // Verify result
+    expect(result).toEqual({
+      token: "test-token-123",
+      privateKey: "test-private-key-123",
+      userName: "testuser",
+    });
+  });
+
+  test("activateToken() handles token verification polling with retries", async () => {
+    // Setup mocks
+    mockApi.credentials.generateToken.mockResolvedValue({
+      data: {
+        token: "test-token-123",
+        claimUrl: "https://connect.example.com/claim/123",
+        privateKey: "test-private-key-123",
+      },
+    });
+
+    // Mock verification to fail a few times, then succeed
+    mockApi.credentials.verifyToken
+      .mockRejectedValueOnce(new Error("401 Unauthorized"))
+      .mockRejectedValueOnce(new Error("401 Unauthorized"))
+      .mockResolvedValueOnce({
+        status: 200,
+        data: { username: "testuser" },
+      });
+
+    // Initialize and run
+    await activator.initialize();
+    const result = await activator.activateToken();
+
+    // Verify multiple verification attempts
+    expect(mockApi.credentials.verifyToken).toHaveBeenCalledTimes(3);
+    expect(result.userName).toBe("testuser");
+  });
+
+  test("activateToken() throws error when not initialized", async () => {
+    // Don't call initialize()
+    await expect(activator.activateToken()).rejects.toThrow(
+      "ConnectAuthTokenActivator must be initialized before use",
+    );
+  });
+
+  test("activateToken() handles token generation failure", async () => {
+    mockApi.credentials.generateToken.mockRejectedValue(
+      new Error("Failed to generate token"),
+    );
+
+    await activator.initialize();
+
+    await expect(activator.activateToken()).rejects.toThrow(
+      "Failed to generate token",
+    );
+    expect(mockShowErrorMessage).toHaveBeenCalledWith(
+      "Failed to complete token authentication: Failed to generate token",
+    );
+  });
+
+  test("activateToken() handles timeout when token claim takes too long", async () => {
+    // Setup mocks
+    mockApi.credentials.generateToken.mockResolvedValue({
+      data: {
+        token: "test-token-123",
+        claimUrl: "https://connect.example.com/claim/123",
+        privateKey: "test-private-key-123",
+      },
+    });
+
+    // Mock verification to always fail (simulating timeout)
+    mockApi.credentials.verifyToken.mockRejectedValue(
+      new Error("401 Unauthorized"),
+    );
+
+    // Create activator with reduced maxAttempts for faster testing
+    const fastActivator = new ConnectAuthTokenActivator(
+      "https://connect.example.com",
+      "test-view-id",
+      2, // maxAttempts
+    );
+    await fastActivator.initialize();
+
+    await expect(fastActivator.activateToken()).rejects.toThrow(
+      "Token claim process timed out or was cancelled",
+    );
+  });
+});