diff --git a/packages/core/src/auth/sso/ssoAccessTokenProvider.ts b/packages/core/src/auth/sso/ssoAccessTokenProvider.ts index fc69ec1cd9d..bf9c620c2f3 100644 --- a/packages/core/src/auth/sso/ssoAccessTokenProvider.ts +++ b/packages/core/src/auth/sso/ssoAccessTokenProvider.ts @@ -397,7 +397,7 @@ async function pollForTokenWithProgress( */ function getSessionDuration(id: string) { const creationDate = globals.globalState.getSsoSessionCreationDate(id) - return creationDate !== undefined ? Date.now() - creationDate : undefined + return creationDate !== undefined ? globals.clock.Date.now() - creationDate : undefined } /** diff --git a/packages/core/src/test/credentials/sso/ssoAccessTokenProvider.test.ts b/packages/core/src/test/credentials/sso/ssoAccessTokenProvider.test.ts index a307c11d667..1bde91b26d8 100644 --- a/packages/core/src/test/credentials/sso/ssoAccessTokenProvider.test.ts +++ b/packages/core/src/test/credentials/sso/ssoAccessTokenProvider.test.ts @@ -265,6 +265,50 @@ describe('SsoAccessTokenProvider', function () { assert.notDeepStrictEqual(await sut.getToken(), cachedToken) }) + it(`emits session duration between logins of the same startUrl`, async function () { + setupFlow() + stubOpen() + + await sut.createToken() + clock.tick(5000) + await sut.createToken() + clock.tick(10_000) + await sut.createToken() + + // Mimic when we sign out then in again with the same region+startUrl. The ID is the only thing different. + sut = SsoAccessTokenProvider.create( + { region, startUrl, identifier: 'bbb' }, + cache, + oidcClient, + reAuthState, + () => true + ) + await sut.createToken() + + assertTelemetry('aws_loginWithBrowser', [ + { + credentialStartUrl: startUrl, + awsRegion: region, + sessionDuration: undefined, // A new login. + }, + { + credentialStartUrl: startUrl, + awsRegion: region, + sessionDuration: 5000, // A reauth. 5000 - 0, is the diff between this and previous login + }, + { + credentialStartUrl: startUrl, + awsRegion: region, + sessionDuration: 10000, // A reauth. 15_000 - 5000 is the diff between this and previous login + }, + { + credentialStartUrl: startUrl, + awsRegion: region, + sessionDuration: undefined, // A new login, since we signed out of the last. + }, + ]) + }) + it('respects the device authorization expiration time', async function () { // XXX: Don't know how to fix this "unhandled rejection" caused by this test: // rejected promise not handled within 1 second: Error: Timed-out waiting for browser login flow to complete