@askalf/dario 3.31.11 → 3.31.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/accounts.js +8 -1
- package/package.json +1 -1
package/dist/accounts.js
CHANGED
|
@@ -195,7 +195,14 @@ function openBrowser(url) {
|
|
|
195
195
|
export async function addAccountViaOAuth(alias) {
|
|
196
196
|
const cfg = await detectCCOAuthConfig();
|
|
197
197
|
const { codeVerifier, codeChallenge } = generatePKCE();
|
|
198
|
-
|
|
198
|
+
// 32 random bytes → 43-char base64url state. Matches what CC v2.1.116+
|
|
199
|
+
// ships in `/login` URLs; Anthropic's `/oauth/authorize` endpoint started
|
|
200
|
+
// rejecting shorter states with "Invalid request format" on 2026-04-23
|
|
201
|
+
// (dario#71 repro: URL was byte-equivalent to CC's except state was
|
|
202
|
+
// 22 chars → reject, 43 chars → accept). RFC 6749 only requires
|
|
203
|
+
// "non-guessable," so shorter is technically legal — Anthropic's stricter
|
|
204
|
+
// than spec here. Keep in lockstep with CC's bytes-per-random.
|
|
205
|
+
const state = base64url(randomBytes(32));
|
|
199
206
|
return new Promise((resolve, reject) => {
|
|
200
207
|
let port = 0;
|
|
201
208
|
const server = createServer(async (req, res) => {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@askalf/dario",
|
|
3
|
-
"version": "3.31.
|
|
3
|
+
"version": "3.31.12",
|
|
4
4
|
"description": "A local LLM router. One endpoint, every provider — Claude subscriptions, OpenAI, OpenRouter, Groq, local LiteLLM, any OpenAI-compat endpoint — your tools don't need to change.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|