Issues with authentication prompts when using profiles

[traeok]

Describe the bug

There are a few issues with how we prompt for authentication when using profiles. Some issues are exclusive to v3 and others span across both major versions.

• Extenders do not get credential prompting for free when using the APIs outside of Zowe Explorer actions
  • This may not be that problematic, but would be nice for extenders to have, and avoids the need for extenders to add the logic themselves (code duplication)
  • Applies to: v2, v3
• We need to block before attempting to use a profile again with the invalid creds/token, to avoid continued attempts by the filesystem (some out of our control)
  • This is an issue and will need to be resolved to avoid credential loops in virtual workspaces and other areas
  • Applies to: v3
• We have to add error handling everywhere that the APIs are used to handle authentication errors
  • Not a serious issue, but the code duplication can be avoided and will need to be considered for every new feature/fix
  • Applies to: v2, v3
• While its not an issue, it would be nice to "lock" a profile so that we can wait / prompt for auth before making another request
  • Applies to: v2, v3

To Reproduce

Expected behavior

Screenshots

Desktop (please complete the following information):

• OS:
• Zowe Explorer Version:
• (Optional) Zowe CLI Version:
• (Optional) Are you using Secure Credential Store?

Additional context

[github-actions]

Thank you for creating a bug report.
We will investigate the bug and evaluate its impact on the product.
If you haven't already, please ensure you have provided steps to reproduce the bug and as much context as possible.

[Buckminsterfullerene02]

We need to block before attempting to use a profile again with the invalid creds/token, to avoid continued attempts by the filesystem (some out of our control)

We have this issue big time, in that when our mainframe password is changed (every month), zowe consistently spams the mainframe with the incorrect credentials, causing mainframe lockout and having to go through the steps to unlock the account. It would be a great step forward to have this fixed on 3.x!

[davenice]

I have also hit the issue where it uses my creds, they fail, it prompts me to update, fails to update, and then tries them again.

Because there are 3 trees all using the same creds, it's easy to get locked out :-D

Would this issue be the right one to cover "don't reuse credentials after a 401, until they've changed"?

[traeok]

Would this issue be the right one to cover "don't reuse credentials after a 401, until they've changed"?

@davenice Yes, I think this related to what @Buckminsterfullerene02 mentioned regarding the repeated attempts. This is primarily due to VS Code making requests for files in opened editors or virtual workspaces - multiple requests are made at the same time and our APIs do not currently support handling race conditions. I've been working on a PoC for locking profiles to prevent subsequent operations in the filesystem with the same invalid credentials. This should also resolve the lockout issue since only one request is sent with invalid credentials before the profile is "locked." Hoping to get this out in time for the 3.1.0 release.