feat(experimentalIdentityAndAuth): update HttpAuthOption and HttpAuthScheme codegen

After upgrading to Smithy 1.37.0
(smithy-lang#906), upgrade to
`getEffectiveAuthSchemes` using `NO_AUTH_AWARE` and remove redundant
code.

For `HttpAuthOption`, allow any auth scheme to generate the
corresponding `HttpAuthOption` function regardless of registering it in
codegen.

For `HttpAuthScheme`, reduce code duplication by looking at "inherited"
`LanguageTarget` platforms (e.g. `REACT_NATIVE` inherits from
`BROWSER`). `httpAuthSchemes` is only written in a `runtimeConfig` if
the `IdentityProvider` and `Signer` are different between platforms, or
if the registered `HttpAuthScheme`s are different. `httpAuthSchemes` is
always written for `SHARED` as a default.

For each of the generic auth (`@httpApiKeyAuth`, `@httpBearerAuth`, and
`@aws.auth#sigv4`), make the identity providers and signers the same and
available on all platforms.

For the `httpAuthSchemes` property on the client config interface,
update it to `HttpAuthScheme[]` rather than
`IdentityProviderConfiguration`.

Author: Steven Yuan

smithy-typescript-codegen/src/main/java/software/amazon/smithy/typescript/codegen/RuntimeConfigGenerator.java

@@ -16,6 +16,7 @@
 package software.amazon.smithy.typescript.codegen;
 
 import java.nio.file.Paths;
+import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -24,12 +25,12 @@
 import java.util.function.Consumer;
 import java.util.stream.Collectors;
 import software.amazon.smithy.build.SmithyBuildException;
+import software.amazon.smithy.codegen.core.CodegenException;
 import software.amazon.smithy.codegen.core.SymbolProvider;
 import software.amazon.smithy.model.Model;
 import software.amazon.smithy.model.knowledge.ServiceIndex;
 import software.amazon.smithy.model.shapes.ServiceShape;
 import software.amazon.smithy.model.shapes.ShapeId;
-import software.amazon.smithy.model.traits.Trait;
 import software.amazon.smithy.typescript.codegen.auth.AuthUtils;
 import software.amazon.smithy.typescript.codegen.auth.http.HttpAuthScheme;
 import software.amazon.smithy.typescript.codegen.auth.http.HttpAuthSchemeProviderGenerator;
@@ -208,50 +209,57 @@ private void generateHttpAuthSchemeConfig(
         TypeScriptWriter writer,
         LanguageTarget target
     ) {
+        // feat(experimentalIdentityAndAuth): write the default imported HttpAuthSchemeProvider
+        if (target.equals(LanguageTarget.SHARED)) {
+            configs.put("httpAuthSchemeProvider", w -> {
+                String providerName = "default" + service.toShapeId().getName() + "HttpAuthSchemeProvider";
+                w.addRelativeImport(providerName, null, Paths.get(".", CodegenUtils.SOURCE_FOLDER,
+                    HttpAuthSchemeProviderGenerator.HTTP_AUTH_FOLDER,
+                    HttpAuthSchemeProviderGenerator.HTTP_AUTH_SCHEME_RESOLVER_MODULE));
+                w.write(providerName);
+            });
+        }
+
         // feat(experimentalIdentityAndAuth): gather HttpAuthSchemes to generate
-        SupportedHttpAuthSchemesIndex index = new SupportedHttpAuthSchemesIndex(integrations);
+        SupportedHttpAuthSchemesIndex authIndex = new SupportedHttpAuthSchemesIndex(integrations);
         ServiceIndex serviceIndex = ServiceIndex.of(model);
-        Map<ShapeId, Trait> authSchemeTraits = serviceIndex.getAuthSchemes(service);
-        Map<ShapeId, HttpAuthScheme> authSchemes = authSchemeTraits.entrySet().stream()
-            .filter(entry -> index.getHttpAuthScheme(entry.getKey()) != null)
-            .collect(Collectors.toMap(
-                entry -> entry.getKey(),
-                entry -> index.getHttpAuthScheme(entry.getKey())));
-        // feat(experimentalIdentityAndAuth): can be removed after changing to NO_AUTH_AWARE schemes
-        // The default set of HttpAuthSchemes is @smithy.api#noAuth on the shared runtime config
-        authSchemes.put(AuthUtils.NO_AUTH_ID, index.getHttpAuthScheme(AuthUtils.NO_AUTH_ID));
-        boolean shouldGenerateHttpAuthSchemes = index.getSupportedHttpAuthSchemes().values().stream().anyMatch(value ->
-            // If either an default identity or signer is configured for the target, generate auth schemes
-            value.getDefaultIdentityProviders().containsKey(target) || value.getDefaultSigners().containsKey(target));
-        if (!shouldGenerateHttpAuthSchemes) {
+        Map<ShapeId, HttpAuthScheme> targetAuthSchemes = getTargetAuthSchemes(target, authIndex, serviceIndex);
+
+        // Generate only if the "inherited" target is different than the current target
+        Map<ShapeId, HttpAuthScheme> inheritedAuthSchemes = Collections.emptyMap();
+        LanguageTarget inherited = LanguageTarget.SHARED;
+        // Always generated the SHARED target
+        if (target.equals(LanguageTarget.SHARED)) {
+            // no-op
+        // NODE and BROWSER inherit from SHARED
+        } else if (target.equals(LanguageTarget.NODE) || target.equals(LanguageTarget.BROWSER)) {
+            inheritedAuthSchemes = getTargetAuthSchemes(LanguageTarget.SHARED, authIndex, serviceIndex);
+        // REACT_NATIVE inherits from BROWSER
+        } else if (target.equals(LanguageTarget.REACT_NATIVE)) {
+            inheritedAuthSchemes = getTargetAuthSchemes(LanguageTarget.BROWSER, authIndex, serviceIndex);
+            inherited = LanguageTarget.BROWSER;
+        } else {
+            throw new CodegenException("Unhandled Language Target: " + target);
+        }
+
+        // If target and inherited auth schemes are equal, then don't generate target auth schemes.
+        if (areAuthSchemesTargetEqual(targetAuthSchemes, target, inheritedAuthSchemes, inherited)) {
             return;
         }
-        // feat(experimentalIdentityAndAuth): write the default imported HttpAuthSchemeProvider
-        configs.put("httpAuthSchemeProvider", w -> {
-            String providerName = "default" + service.toShapeId().getName() + "HttpAuthSchemeProvider";
-            w.addRelativeImport(providerName, null, Paths.get(".", CodegenUtils.SOURCE_FOLDER,
-                HttpAuthSchemeProviderGenerator.HTTP_AUTH_FOLDER,
-                HttpAuthSchemeProviderGenerator.HTTP_AUTH_SCHEME_RESOLVER_MODULE));
-            w.write(providerName);
-        });
+
         // feat(experimentalIdentityAndAuth): write the default IdentityProviderConfiguration with configured
         // HttpAuthSchemes
         configs.put("httpAuthSchemes", w -> {
-            w.addDependency(TypeScriptDependency.EXPERIMENTAL_IDENTITY_AND_AUTH);
-            w.addImport("DefaultIdentityProviderConfiguration", null,
-                TypeScriptDependency.EXPERIMENTAL_IDENTITY_AND_AUTH);
-            w.openBlock("new DefaultIdentityProviderConfiguration([", "])", () -> {
-                Iterator<Entry<ShapeId, HttpAuthScheme>> iter = authSchemes.entrySet().iterator();
+            w.openBlock("[", "]", () -> {
+                Iterator<Entry<ShapeId, HttpAuthScheme>> iter = targetAuthSchemes.entrySet().iterator();
                 while (iter.hasNext()) {
                     Entry<ShapeId, HttpAuthScheme> entry = iter.next();
-                    // Default IdentityProvider or HttpSigner, otherwise write {@code never} to force a TypeScript
-                    // compilation failure.
                     Consumer<TypeScriptWriter> defaultIdentityProvider = entry.getValue()
                         .getDefaultIdentityProviders()
-                        .getOrDefault(target, AuthUtils.DEFAULT_NEVER_WRITER);
+                        .get(target);
                     Consumer<TypeScriptWriter> defaultSigner = entry.getValue()
                         .getDefaultSigners()
-                        .getOrDefault(target, AuthUtils.DEFAULT_NEVER_WRITER);
+                        .get(target);
                     w.write("""
                         {
                           schemeId: $S,
@@ -269,6 +277,74 @@ private void generateHttpAuthSchemeConfig(
         });
     }
 
+    /**
+     * Get auth schemes for a {@link LanguageTarget}.
+     *
+     * Criteria for an auth scheme is:
+     * - Auth scheme must be registered
+     * - Identity Provider must be provided for target
+     * - Signer must be provided for target
+     *
+     * @param target target platform
+     * @param authIndex supported auth scheme index
+     * @param serviceIndex service index
+     * @return returns effective auth schemes for a particular target.
+     */
+    private Map<ShapeId, HttpAuthScheme> getTargetAuthSchemes(
+        LanguageTarget target,
+        SupportedHttpAuthSchemesIndex authIndex,
+        ServiceIndex serviceIndex
+    ) {
+        return AuthUtils.getAllEffectiveNoAuthAwareAuthSchemes(this.service, serviceIndex, authIndex)
+            .entrySet()
+            .stream()
+            .filter(e -> e.getValue() != null
+                && e.getValue().getDefaultIdentityProviders().get(target) != null
+                && e.getValue().getDefaultSigners().get(target) != null)
+            .collect(Collectors.toMap(Entry::getKey, Entry::getValue));
+    }
+
+    /**
+     * Checks if auth schemes are equal based on {@link LanguageTarget}.
+     *
+     * Criteria for equivalent auth schemes are:
+     *
+     * - Must have the same auth schemes registered
+     * - Registered auth scheme targets must have equivalent identity providers
+     * - Registered auth scheme targets must have equivalent signers
+     *
+     * @param targetAuthSchemes target auth schemes
+     * @param target target platform
+     * @param inheritedAuthSchemes inherited auth schemes
+     * @param inherited inherited platform
+     * @return if auth schemes are equal.
+     */
+    private boolean areAuthSchemesTargetEqual(
+        Map<ShapeId, HttpAuthScheme> targetAuthSchemes,
+        LanguageTarget target,
+        Map<ShapeId, HttpAuthScheme> inheritedAuthSchemes,
+        LanguageTarget inherited
+    ) {
+        if (targetAuthSchemes.size() != inheritedAuthSchemes.size()) {
+            return false;
+        }
+        for (var targetEntry : targetAuthSchemes.entrySet()) {
+            var inheritedAuthScheme = inheritedAuthSchemes.get(targetEntry.getKey());
+            if (inheritedAuthScheme == null) {
+                return false;
+            }
+            if (targetEntry.getValue().getDefaultIdentityProviders().get(target)
+                != inheritedAuthScheme.getDefaultIdentityProviders().get(inherited)) {
+                return false;
+            }
+            if (targetEntry.getValue().getDefaultSigners().get(target)
+                != inheritedAuthScheme.getDefaultSigners().get(inherited)) {
+                return false;
+            }
+        }
+        return true;
+    }
+
     private Map<String, Consumer<TypeScriptWriter>> getDefaultRuntimeConfigs(LanguageTarget target) {
         switch (target) {
             case NODE:

smithy-typescript-codegen/src/main/java/software/amazon/smithy/typescript/codegen/ServiceBareBonesClientGenerator.java

@@ -305,13 +305,12 @@ private void generateClientDefaults() {
             // feat(experimentalIdentityAndAuth): write httpAuthSchemes and httpAuthSchemeProvider into ClientDefaults
             if (settings.getExperimentalIdentityAndAuth()) {
                 writer.addDependency(TypeScriptDependency.EXPERIMENTAL_IDENTITY_AND_AUTH);
-                writer.addImport("IdentityProviderConfiguration", null,
-                    TypeScriptDependency.EXPERIMENTAL_IDENTITY_AND_AUTH);
+                writer.addImport("HttpAuthScheme", null, TypeScriptDependency.EXPERIMENTAL_IDENTITY_AND_AUTH);
                 writer.writeDocs("""
                     experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides \
                     default identity providers and signers per auth scheme.
                     @internal""");
-                writer.write("httpAuthSchemes?: IdentityProviderConfiguration;\n");
+                writer.write("httpAuthSchemes?: HttpAuthScheme[];\n");
 
                 String httpAuthSchemeProviderName = service.toShapeId().getName() + "HttpAuthSchemeProvider";
                 writer.addRelativeImport(httpAuthSchemeProviderName, null, Paths.get(".",

smithy-typescript-codegen/src/main/java/software/amazon/smithy/typescript/codegen/auth/AuthUtils.java

@@ -5,25 +5,41 @@
 
 package software.amazon.smithy.typescript.codegen.auth;
 
-import java.util.function.Consumer;
+import java.util.Map;
+import java.util.TreeMap;
+import software.amazon.smithy.model.knowledge.ServiceIndex;
+import software.amazon.smithy.model.knowledge.ServiceIndex.AuthSchemeMode;
+import software.amazon.smithy.model.shapes.ServiceShape;
 import software.amazon.smithy.model.shapes.ShapeId;
-import software.amazon.smithy.typescript.codegen.TypeScriptWriter;
+import software.amazon.smithy.typescript.codegen.auth.http.HttpAuthScheme;
+import software.amazon.smithy.typescript.codegen.auth.http.SupportedHttpAuthSchemesIndex;
 import software.amazon.smithy.utils.SmithyInternalApi;
 
 /**
  * Auth utility methods needed across Java packages.
  */
 @SmithyInternalApi
 public final class AuthUtils {
-    /**
-     * Writes out `never`, which will make TypeScript compilation fail if used as a value.
-     */
-    public static final Consumer<TypeScriptWriter> DEFAULT_NEVER_WRITER = w -> w.write("never");
-
-    /**
-     * Should be replaced when the synthetic NoAuthTrait is released in Smithy.
-     */
-    public static final ShapeId NO_AUTH_ID = ShapeId.from("smithy.api#noAuth");
-
     private AuthUtils() {}
+
+    public static Map<ShapeId, HttpAuthScheme> getAllEffectiveNoAuthAwareAuthSchemes(
+        ServiceShape serviceShape,
+        ServiceIndex serviceIndex,
+        SupportedHttpAuthSchemesIndex authIndex
+    ) {
+        Map<ShapeId, HttpAuthScheme> effectiveAuthSchemes = new TreeMap<>();
+        var serviceEffectiveAuthSchemes =
+            serviceIndex.getEffectiveAuthSchemes(serviceShape, AuthSchemeMode.NO_AUTH_AWARE);
+        for (ShapeId shapeId : serviceEffectiveAuthSchemes.keySet()) {
+            effectiveAuthSchemes.put(shapeId, authIndex.getHttpAuthScheme(shapeId));
+        }
+        for (var operation : serviceShape.getAllOperations()) {
+            var operationEffectiveAuthSchemes =
+                serviceIndex.getEffectiveAuthSchemes(serviceShape, operation, AuthSchemeMode.NO_AUTH_AWARE);
+            for (ShapeId shapeId : operationEffectiveAuthSchemes.keySet()) {
+                effectiveAuthSchemes.put(shapeId, authIndex.getHttpAuthScheme(shapeId));
+            }
+        }
+        return effectiveAuthSchemes;
+    }
 }