Refresh token functionality

src/auth/AuthProvider/types.ts

@@ -1,3 +1,6 @@
+import { AuthenticationSession, EventEmitter, Uri } from "vscode";
+import { PromiseAdapter } from "./utils/promiseFromEvent";
+
 export type User = {
   id: number;
   userName: string;
@@ -28,3 +31,37 @@ export type UserInfo = {
   needConsent: boolean;
   defaultWorkspaceId: number;
 };
+
+export type WebCallback = {
+  promise: Promise<string>;
+  cancel: EventEmitter<void>;
+};
+
+export type AuthSession = AuthenticationSession & {
+  refreshToken?: string;
+};
+
+export type ResponseAuth0 = {
+  access_token: string;
+  refresh_token?: string;
+  token_type: "Bearer";
+  expires_in: number;
+  scope: string;
+  id_token: string;
+};
+
+export type UserInfoAuth0 = {
+  email: string;
+  email_verified: boolean;
+  family_name: string;
+  given_name: string;
+  name: string;
+  nickname: string;
+  picture: string;
+  preferred_username: string;
+  sub: string;
+  updated_at: string;
+};
+
+export type Auth0LoginType = "code" | "token";
+export type WebCallbackHandler = PromiseAdapter<Uri, string>;

src/auth/getAccessToken.ts

@@ -1,14 +1,31 @@
-import { AuthenticationSession, ExtensionContext } from "vscode";
+import { ExtensionContext } from "vscode";
+import { jwtExpired } from "./AuthProvider/utils/jwt";
 
-import { STORAGE_KEY_NAME } from "./AuthProvider";
+import { STORAGE_KEY } from "./AuthProvider";
+import refreshAccessToken from "./refreshAccessToken";
+import { AuthSession } from "./AuthProvider/types";
+
+export type Auth0TokenResponse = {
+  access_token: string;
+  refresh_token?: string;
+  expires_in: number;
+  token_type: string;
+  scope: string;
+};
 
 const getAccessToken = async (
   context: ExtensionContext
 ): Promise<string | undefined> => {
-  const sessionsStr = await context.secrets.get(STORAGE_KEY_NAME);
+  const sessionsStr = await context.secrets.get(STORAGE_KEY);
   const sessions = sessionsStr ? JSON.parse(sessionsStr) : [];
-  const session = sessions[0] as AuthenticationSession;
-  const token = session?.accessToken;
+  const session = sessions[0] as AuthSession;
+  let token = session?.accessToken;
+
+  // Check if token is expired
+  if (token && jwtExpired(token)) {
+    const newToken = await refreshAccessToken(session, context);
+    if (newToken) return newToken;
+  }
   return token;
 };
 

src/auth/refreshAccessToken.ts

@@ -0,0 +1,52 @@
+// import fetch from "node-fetch";
+
+import { STORAGE_KEY } from "./AuthProvider";
+import {
+  AUTH0_CLIENT_ID,
+  AUTH0_CLIENT_SECRET,
+  AUTH0_DOMAIN
+} from "../constants";
+import { Auth0TokenResponse } from "./getAccessToken";
+import { ExtensionContext } from "vscode";
+import { AuthSession } from "./AuthProvider/types";
+
+const refreshAccessToken = async (
+  session: AuthSession,
+  context: ExtensionContext
+): Promise<string | undefined> => {
+  const refreshToken = session.refreshToken;
+  if (!refreshToken) return undefined;
+
+  try {
+    const data = new URLSearchParams([
+      ["grant_type", "refresh_token"],
+      ["client_id", AUTH0_CLIENT_ID],
+      ["client_secret", AUTH0_CLIENT_SECRET],
+      ["refresh_token", refreshToken]
+    ]);
+
+    const response = await fetch(`${AUTH0_DOMAIN}/oauth/token`, {
+      method: "POST",
+      headers: { "content-type": "application/x-www-form-urlencoded" },
+      body: data.toString()
+    });
+
+    const tokens = (await response.json()) as Auth0TokenResponse;
+    const { access_token, refresh_token } = tokens;
+    if (!access_token) throw new Error(`No new access token`);
+
+    const updatedSession: AuthSession = {
+      ...session,
+      accessToken: access_token,
+      refreshToken: refresh_token || session.refreshToken
+    };
+    await context.secrets.store(STORAGE_KEY, JSON.stringify([updatedSession]));
+    return access_token;
+  } catch (err) {
+    console.log("🔴 Failed to refresh token", err);
+    return undefined;
+  }
+  return undefined;
+};
+
+export default refreshAccessToken;

src/constants.ts

@@ -1,4 +1,14 @@
-export const SEQERA_PLATFORM_URL = `https://cloud.seqera.io`;
+// TODO: Restore to cloud.seqera.io
+export const SEQERA_PLATFORM_URL = `https://pr-8246.dev-tower.net`;
 export const SEQERA_API_URL = `${SEQERA_PLATFORM_URL}/api`;
 export const SEQERA_HUB_API_URL = `https://hub.seqera.io`;
 export const SEQERA_INTERN_API_URL = `https://intern.seqera.io`;
+
+// TODO: Use env var to store the Auth0 secret
+// TODO: Update to production Auth0 app
+// TODO: Security implications of rolling up this secret into the built extension
+export const AUTH0_CLIENT_SECRET =
+  "tZ3N8vHuvpLQlzdGEhel4Vz5DeluNNyTtid-2jFBdDiXmIGNbX9yhjDmQ2Pg6VT-";
+export const AUTH0_CLIENT_ID = "7PJnvIXiXK3HkQR43c4zBf3bWuxISp9W";
+export const AUTH0_SCOPES = "openid profile email offline_access";
+export const AUTH0_DOMAIN = `seqera-development.eu.auth0.com`;

src/webview/WebviewProvider/index.ts

@@ -181,7 +181,6 @@ class WebviewProvider implements vscode.WebviewViewProvider {
 
   public async initViewData(refresh?: boolean) {
     const { viewID, _context, _currentView: view } = this;
-    console.log("🟠 initViewData", viewID);
     if (!view) return;
     if (viewID === "seqeraCloud") {
       this.getRepoInfo();
@@ -211,7 +210,7 @@ class WebviewProvider implements vscode.WebviewViewProvider {
       const created = await createTest(filePath, accessToken);
       this.emitTestCreated(filePath, created);
     } catch (error) {
-      console.log("🟠 Test creation failed", error);
+      console.log("🔴 Test creation failed", error);
       this.emitTestCreated(filePath, false);
     }
   }
@@ -227,12 +226,11 @@ class WebviewProvider implements vscode.WebviewViewProvider {
 
   private async getContainer(filePath: string) {
     const accessToken = await getAccessToken(this._context);
-
     try {
       const created = await getContainer(filePath, accessToken);
       this.emitContainerCreated(filePath, created);
     } catch (error) {
-      console.log("🟠 Container creation failed", error);
+      console.log("🔴 Container creation failed", error);
       this.emitContainerCreated(filePath, false);
     }
   }

src/webview/WebviewProvider/lib/index.ts

@@ -1,4 +1,5 @@
 export { default as fetchPlatformData } from "./platform/fetchPlatformData";
+export { default as clearPlatformData } from "./platform/clearPlatformData";
 export { default as getAuthState } from "./platform/getAuthState";
 export * from "./platform/utils";
 

src/webview/WebviewProvider/lib/platform/clearPlatformData.ts

@@ -0,0 +1,12 @@
+import { ExtensionContext, WebviewView } from "vscode";
+
+const clearPlatformData = async (
+  view: WebviewView["webview"] | undefined,
+  context: ExtensionContext
+) => {
+  view?.postMessage({ authState: {} });
+  const vsCodeState = context.workspaceState;
+  vsCodeState.update("platformData", {});
+};
+
+export default clearPlatformData;

src/webview/WebviewProvider/lib/platform/utils/fetchUserInfo.ts

@@ -9,7 +9,7 @@ const fetchUserInfo = async (token: string): Promise<UserInfoResponse> => {
         Authorization: `Bearer ${token}`
       }
     });
-    console.log("🟣 fetchUserInfo", response.status);
+    console.log("🟣 fetchUserInfo", response);
     if (response.status === 401) {
       throw new Error("Unauthorized");
     }

webview-ui/src/Layout/SeqeraCloud/Toolbar/WorkspaceSelector.tsx

@@ -2,6 +2,7 @@ import { useTowerContext } from "../../../Context";
 import Select from "../../../components/Select";
 import { getWorkspaceURL } from "../utils";
 import Button from "../../../components/Button";
+import { SEQERA_PLATFORM_URL } from "../../../../../src/constants";
 
 const WorkspaceSelector = () => {
   const {
@@ -36,7 +37,9 @@ const WorkspaceSelector = () => {
             subtle
           />
         ) : (
-          <div>No workspaces found</div>
+          <Button subtle href={SEQERA_PLATFORM_URL} fullWidth>
+            No workspaces found
+          </Button>
         )}
         {!!manageURL && (
           <Button