From 013873e85a0ee688184f612ae91f14b26db60f8e Mon Sep 17 00:00:00 2001
From: nkomonen-amazon <nkomonen@amazon.com>
Date: Wed, 13 Nov 2024 23:14:19 -0500
Subject: [PATCH] add unit test

Signed-off-by: nkomonen-amazon <nkomonen@amazon.com>
---
 .../src/auth/sso/ssoAccessTokenProvider.ts    |  2 +-
 .../sso/ssoAccessTokenProvider.test.ts        | 44 +++++++++++++++++++
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/packages/core/src/auth/sso/ssoAccessTokenProvider.ts b/packages/core/src/auth/sso/ssoAccessTokenProvider.ts
index fc69ec1cd9d..bf9c620c2f3 100644
--- a/packages/core/src/auth/sso/ssoAccessTokenProvider.ts
+++ b/packages/core/src/auth/sso/ssoAccessTokenProvider.ts
@@ -397,7 +397,7 @@ async function pollForTokenWithProgress<T extends { requestId?: string }>(
  */
 function getSessionDuration(id: string) {
     const creationDate = globals.globalState.getSsoSessionCreationDate(id)
-    return creationDate !== undefined ? Date.now() - creationDate : undefined
+    return creationDate !== undefined ? globals.clock.Date.now() - creationDate : undefined
 }
 
 /**
diff --git a/packages/core/src/test/credentials/sso/ssoAccessTokenProvider.test.ts b/packages/core/src/test/credentials/sso/ssoAccessTokenProvider.test.ts
index a307c11d667..97e33ce3f4f 100644
--- a/packages/core/src/test/credentials/sso/ssoAccessTokenProvider.test.ts
+++ b/packages/core/src/test/credentials/sso/ssoAccessTokenProvider.test.ts
@@ -265,6 +265,50 @@ describe('SsoAccessTokenProvider', function () {
             assert.notDeepStrictEqual(await sut.getToken(), cachedToken)
         })
 
+        it(`emits diff between logins of the same startUrl`, async function () {
+            setupFlow()
+            stubOpen()
+
+            await sut.createToken()
+            clock.tick(5000)
+            await sut.createToken()
+            clock.tick(10_000)
+            await sut.createToken()
+
+            // Mimic when we sign out then in again with the same region+startUrl. The ID will be the only thing different.
+            sut = SsoAccessTokenProvider.create(
+                { region, startUrl, identifier: 'bbb' },
+                cache,
+                oidcClient,
+                reAuthState,
+                () => true
+            )
+            await sut.createToken()
+
+            assertTelemetry('aws_loginWithBrowser', [
+                {
+                    credentialStartUrl: startUrl,
+                    awsRegion: region,
+                    diffInt: undefined,
+                },
+                {
+                    credentialStartUrl: startUrl,
+                    awsRegion: region,
+                    diffInt: 5000, // 5000 - 0 is the diff between this and previous login
+                },
+                {
+                    credentialStartUrl: startUrl,
+                    awsRegion: region,
+                    diffInt: 10000, // 15_000 - 5000 is the diff between this and previous login
+                },
+                {
+                    credentialStartUrl: startUrl,
+                    awsRegion: region,
+                    diffInt: undefined, // This is the new SSO session which knows nothing about the previous logins
+                },
+            ])
+        })
+
         it('respects the device authorization expiration time', async function () {
             // XXX: Don't know how to fix this "unhandled rejection" caused by this test:
             //      rejected promise not handled within 1 second: Error: Timed-out waiting for browser login flow to complete