aws · syall · Sep 8, 2023 · Sep 5, 2023
@@ -20,28 +20,38 @@
 import static software.amazon.smithy.typescript.codegen.integration.RuntimeClientPlugin.Convention.HAS_MIDDLEWARE;
 
 import java.util.List;
+import software.amazon.smithy.typescript.codegen.TypeScriptSettings;
 import software.amazon.smithy.typescript.codegen.integration.RuntimeClientPlugin;
 import software.amazon.smithy.typescript.codegen.integration.TypeScriptIntegration;
 import software.amazon.smithy.utils.ListUtils;
 import software.amazon.smithy.utils.SmithyInternalApi;
 
 /**
  * Configure clients with Token auth configurations and plugin.
+ *
+ * This is the existing control behavior for `experimentalIdentityAndAuth`.
  */
 @SmithyInternalApi
 public final class AddTokenAuthPlugin implements TypeScriptIntegration {
+
+    /**
+     * Integration should only be used if `experimentalIdentityAndAuth` flag is false.
+     */
+    @Override
+    public boolean matchesSettings(TypeScriptSettings settings) {
+        return !settings.getExperimentalIdentityAndAuth();
+    }
+
     @Override
     public List<RuntimeClientPlugin> getClientPlugins() {
         return ListUtils.of(
             RuntimeClientPlugin.builder()
                     .withConventions(AwsDependency.MIDDLEWARE_TOKEN.dependency, "Token", HAS_CONFIG)
                     .servicePredicate((m, s) -> isHttpBearerAuthService(s))
-                    .settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
                     .build(),
             RuntimeClientPlugin.builder()
                     .withConventions(AwsDependency.MIDDLEWARE_TOKEN.dependency, "Token", HAS_MIDDLEWARE)
                     .servicePredicate((m, s) -> isHttpBearerAuthService(s))
-                    .settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
                     .build()
         );
     }

@@ -83,7 +83,10 @@ public enum AwsDependency implements PackageContainer, SymbolDependencyContainer
     FLEXIBLE_CHECKSUMS_MIDDLEWARE(NORMAL_DEPENDENCY, "@aws-sdk/middleware-flexible-checksums"),
 
     // Conditionally added when auth trait is present
-    MIDDLEWARE_API_KEY(NORMAL_DEPENDENCY, "@aws-sdk/middleware-api-key");
+    MIDDLEWARE_API_KEY(NORMAL_DEPENDENCY, "@aws-sdk/middleware-api-key"),
+
+    // feat(experimentalIdentityAndAuth): Conditionally added when @httpBearerAuth is used in an AWS service
+    TOKEN_PROVIDERS(NORMAL_DEPENDENCY, "@aws-sdk/token-providers");
 
     public final String packageName;
     public final String version;
@@ -140,4 +143,3 @@ private static String expectVersion(String packageName) {
         }
     }
 }
-
@@ -0,0 +1,59 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package software.amazon.smithy.aws.typescript.codegen.auth.http.integration;
+
+import java.util.List;
+import software.amazon.smithy.aws.typescript.codegen.AwsDependency;
+import software.amazon.smithy.model.traits.HttpBearerAuthTrait;
+import software.amazon.smithy.typescript.codegen.LanguageTarget;
+import software.amazon.smithy.typescript.codegen.TypeScriptSettings;
+import software.amazon.smithy.typescript.codegen.auth.http.HttpAuthScheme;
+import software.amazon.smithy.typescript.codegen.auth.http.SupportedHttpAuthSchemesIndex;
+import software.amazon.smithy.typescript.codegen.auth.http.integration.AddHttpBearerAuthPlugin;
+import software.amazon.smithy.typescript.codegen.auth.http.integration.HttpAuthTypeScriptIntegration;
+import software.amazon.smithy.utils.SmithyInternalApi;
+
+/**
+ * Customize @httpBearerAuth for AWS SDKs.
+ *
+ * This is the experimental behavior for `experimentalIdentityAndAuth`.
+ */
+@SmithyInternalApi
+public final class AwsCustomizeHttpBearerTokenAuthPlugin implements HttpAuthTypeScriptIntegration {
+
+    /**
+     * Integration should only be used if `experimentalIdentityAndAuth` flag is true.
+     */
+    @Override
+    public boolean matchesSettings(TypeScriptSettings settings) {
+        return settings.getExperimentalIdentityAndAuth();
+    }
+
+    /**
+     * Run after default AddHttpBearerAuthPlugin.
+     */
+    @Override
+    public List<String> runAfter() {
+        return List.of(AddHttpBearerAuthPlugin.class.getCanonicalName());
+    }
+
+    @Override
+    public void customizeSupportedHttpAuthSchemes(SupportedHttpAuthSchemesIndex supportedHttpAuthSchemesIndex) {
+        HttpAuthScheme authScheme = supportedHttpAuthSchemesIndex.getHttpAuthScheme(HttpBearerAuthTrait.ID).toBuilder()
+            // Current behavior of unconfigured `token` is to throw an error.
+            // This may need to be customized if a service is released with multiple auth schemes.
+            .putDefaultIdentityProvider(LanguageTarget.BROWSER, w ->
+                w.write("async () => { throw new Error(\"`token` is missing\"); }"))
+            // Use `@aws-sdk/token-providers` as the default identity provider chain for Node.js
+            .putDefaultIdentityProvider(LanguageTarget.NODE, w -> {
+                w.addDependency(AwsDependency.TOKEN_PROVIDERS);
+                w.addImport("nodeProvider", null, AwsDependency.TOKEN_PROVIDERS);
+                w.write("nodeProvider");
+            })
+            .build();
+        supportedHttpAuthSchemesIndex.putHttpAuthScheme(authScheme.getSchemeId(), authScheme);
+    }
+}
@@ -24,4 +24,5 @@ software.amazon.smithy.aws.typescript.codegen.AddDocumentClientPlugin
 software.amazon.smithy.aws.typescript.codegen.AddEndpointDiscoveryPlugin
 software.amazon.smithy.aws.typescript.codegen.AddHttpChecksumDependency
 software.amazon.smithy.aws.typescript.codegen.AddEventBridgePlugin
+software.amazon.smithy.aws.typescript.codegen.auth.http.integration.AwsCustomizeHttpBearerTokenAuthPlugin
 software.amazon.smithy.aws.typescript.codegen.auth.http.integration.AwsCustomizeSigv4AuthPlugin