@deque/axe-auth 1.1.0-next.adf1ee93 → 1.1.0-next.b1986c00
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/oauth/tokenStore.d.ts +23 -0
- package/dist/oauth/tokenStore.js +37 -1
- package/package.json +1 -1
|
@@ -108,6 +108,29 @@ export type BlobChainResult = {
|
|
|
108
108
|
* and `MIGRATORS` and applies the latest-shape check on top.
|
|
109
109
|
*/
|
|
110
110
|
export declare function parseAndMigrateBlob(raw: string | null, expectedVersion?: number, migrators?: ReadonlyMap<number, (old: unknown) => unknown | null>): BlobChainResult;
|
|
111
|
+
/**
|
|
112
|
+
* Builds the user-facing keychain error message. Platform is a
|
|
113
|
+
* parameter (defaulting to `process.platform`) so tests can drive each
|
|
114
|
+
* branch without mocking the runtime; mirrors the pattern in
|
|
115
|
+
* `platformKeyringHint`.
|
|
116
|
+
*
|
|
117
|
+
* The Windows-specific size-limit message is only used when the
|
|
118
|
+
* underlying error matches the binding's "longer than the platform
|
|
119
|
+
* limit" wording AND the runtime is win32 — that combination is the
|
|
120
|
+
* only way the size cap actually manifests in practice. On other
|
|
121
|
+
* platforms (or for any other binding error) we fall back to the
|
|
122
|
+
* generic per-platform hint.
|
|
123
|
+
*/
|
|
124
|
+
export declare function keyringErrorMessage(op: string, cause: unknown, platform?: NodeJS.Platform): string;
|
|
125
|
+
/**
|
|
126
|
+
* Detects the `@napi-rs/keyring` error string for "value too large".
|
|
127
|
+
* In practice only Windows Credential Manager triggers this — its
|
|
128
|
+
* stored values are capped at 2560 UTF-16 chars; macOS Keychain and
|
|
129
|
+
* Linux libsecret have no comparable limit. Exported (but not
|
|
130
|
+
* re-exported from the package index) so tests can exercise the
|
|
131
|
+
* detector independently of the wrap path.
|
|
132
|
+
*/
|
|
133
|
+
export declare function isKeyringSizeError(cause: unknown): boolean;
|
|
111
134
|
/**
|
|
112
135
|
* Returns a per-platform hint appended to keychain error messages so
|
|
113
136
|
* users see actionable guidance for their OS instead of generic or
|
package/dist/oauth/tokenStore.js
CHANGED
|
@@ -3,6 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.KeyringTokenStore = exports.STORED_BLOB_VERSION = void 0;
|
|
4
4
|
exports.shouldChunkForKeyring = shouldChunkForKeyring;
|
|
5
5
|
exports.parseAndMigrateBlob = parseAndMigrateBlob;
|
|
6
|
+
exports.keyringErrorMessage = keyringErrorMessage;
|
|
7
|
+
exports.isKeyringSizeError = isKeyringSizeError;
|
|
6
8
|
exports.platformKeyringHint = platformKeyringHint;
|
|
7
9
|
exports.chunkBlobForKeyring = chunkBlobForKeyring;
|
|
8
10
|
const errors_1 = require("./errors");
|
|
@@ -194,8 +196,42 @@ function wrapKeyringError(op, cause) {
|
|
|
194
196
|
if (cause instanceof errors_1.OAuthFlowError) {
|
|
195
197
|
throw cause;
|
|
196
198
|
}
|
|
199
|
+
throw new errors_1.OAuthFlowError("KEYRING_UNAVAILABLE", keyringErrorMessage(op, cause), {
|
|
200
|
+
cause,
|
|
201
|
+
});
|
|
202
|
+
}
|
|
203
|
+
/**
|
|
204
|
+
* Builds the user-facing keychain error message. Platform is a
|
|
205
|
+
* parameter (defaulting to `process.platform`) so tests can drive each
|
|
206
|
+
* branch without mocking the runtime; mirrors the pattern in
|
|
207
|
+
* `platformKeyringHint`.
|
|
208
|
+
*
|
|
209
|
+
* The Windows-specific size-limit message is only used when the
|
|
210
|
+
* underlying error matches the binding's "longer than the platform
|
|
211
|
+
* limit" wording AND the runtime is win32 — that combination is the
|
|
212
|
+
* only way the size cap actually manifests in practice. On other
|
|
213
|
+
* platforms (or for any other binding error) we fall back to the
|
|
214
|
+
* generic per-platform hint.
|
|
215
|
+
*/
|
|
216
|
+
function keyringErrorMessage(op, cause, platform = process.platform) {
|
|
217
|
+
if (platform === "win32" && isKeyringSizeError(cause)) {
|
|
218
|
+
return `System keychain ${op} failed: Windows Credential Manager limits stored values to 2560 UTF-16 characters. Large OAuth access-token JWTs (many groups/roles claims) commonly exceed this.`;
|
|
219
|
+
}
|
|
197
220
|
const causeMessage = cause instanceof Error ? cause.message : String(cause);
|
|
198
|
-
|
|
221
|
+
return `System keychain ${op} failed: ${causeMessage}. ${platformKeyringHint(platform)}`;
|
|
222
|
+
}
|
|
223
|
+
/**
|
|
224
|
+
* Detects the `@napi-rs/keyring` error string for "value too large".
|
|
225
|
+
* In practice only Windows Credential Manager triggers this — its
|
|
226
|
+
* stored values are capped at 2560 UTF-16 chars; macOS Keychain and
|
|
227
|
+
* Linux libsecret have no comparable limit. Exported (but not
|
|
228
|
+
* re-exported from the package index) so tests can exercise the
|
|
229
|
+
* detector independently of the wrap path.
|
|
230
|
+
*/
|
|
231
|
+
function isKeyringSizeError(cause) {
|
|
232
|
+
if (!(cause instanceof Error))
|
|
233
|
+
return false;
|
|
234
|
+
return /longer than the platform limit/.test(cause.message);
|
|
199
235
|
}
|
|
200
236
|
/**
|
|
201
237
|
* Returns a per-platform hint appended to keychain error messages so
|