Support IAM Credential Authentication in AWS Q Developer/CodeWhisperer

[twwildey]

Is your feature request related to a problem? Please describe.

The LSP server for AWS Q Developer is only supporting Bearer tokens at this time and not IAM credentials:

<-  LSP-aws-q-developer window/logMessage: {'type': 3, 'message': '[2024-05-25T03:17:58.532Z] Recommendation failure: Error: Authorization failed, bearer token is not set'}

You can see this here effectively:

1. language-servers/app/aws-lsp-codewhisperer-binary/src/index.ts

   Line 16 in c5a9b58

   servers: [CodeWhispererServerTokenProxy, CodeWhispererSecurityScanServerTokenProxy, NetTransformServer],

2. language-servers/server/aws-lsp-codewhisperer/src/language-server/proxy-server.ts

   Line 8 in c5a9b58

   export const CodeWhispererServerTokenProxy = CodewhispererServerFactory(credentialsProvider => {

3. language-servers/server/aws-lsp-codewhisperer/src/language-server/codeWhispererService.ts

   Line 97 in c5a9b58

   export class CodeWhispererServiceToken extends CodeWhispererServiceBase {

Describe the solution you'd like

Code search shows that nothing is actually referencing CodeWhispererServiceIAM effectively yet:

1. https://github.com/aws/language-servers/blob/c5a9b5882642b4c6ce5d59bb4815789a2636af03/server/aws-lsp-codewhisperer/src/language-server/codeWhispererService.ts#L48C14-L48C37
   1. https://github.com/search?q=repo%3Aaws%2Flanguage-servers%20CodeWhispererServiceIAM&type=code

2. language-servers/server/aws-lsp-codewhisperer/src/language-server/codeWhispererServer.ts

   Line 566 in 638b123

   export const CodeWhispererServerIAM = CodewhispererServerFactory(

   1. https://github.com/search?q=repo%3Aaws%2Flanguage-servers%20CodeWhispererServerIAM&type=code

I will either need to get bearer tokens for a Builder ID, or we'll need to bridge the gap for supporting IAM-based authentication for the LSP service. As an internal employee at Amazon, it is significantly easier for me to use IAM credentials over a bearer token for a Builder ID.

[viktorsaws]

Hi Todd,
indeed so far we didn't have example of using IAM-based Amazon Q server in this project. I've created sample configuration in this PR, it shows how to build and run it with sample VSCode extension #264

[twwildey]

I see that #264 was merged @viktorsaws: https://github.com/aws/language-servers/blob/main/app/aws-lsp-codewhisperer-binary/src/iam-standalone.ts

This definitely unblocks me now, but we should iterate towards an LSP server that accepts either Builder ID bearer tokens or IAM credentials without needing to switch the executable. Switching the executable is very inconvenient to any LSP plugins in Sublime Text. Should we use this GitHub issue for tracking this?

[imykhai]

Sorry for the delay. Is this something that would still be useful?

[suprajaven]

I am closing this issue since there is no update for over a month, if this is still required we will track a separate discussion

[twwildey]

This would still be useful. The LSP ecosystem for Sublime Text defines the path to the executable for the LSP server statically, and it will be painful to bifurcate this based on configuration.