
























@@ -30,59 +30,61 @@ describe("resolveCliAuthEpoch", () => {
3030).resolves.toBeUndefined();
3131});
323233-it("keeps claude cli oauth epochs stable across access-token refreshes", async () => {
33+it("keeps identity-less claude cli oauth epochs stable across token changes", async () => {
3434let access = "access-a";
35+let refresh = "refresh-a";
3536let expires = 1;
3637setCliAuthEpochTestDeps({
3738readClaudeCliCredentialsCached: () => ({
3839type: "oauth",
3940provider: "anthropic",
4041 access,
41-refresh: "refresh",
42+ refresh,
4243 expires,
4344}),
4445});
45464647const first = await resolveCliAuthEpoch({ provider: "claude-cli" });
4748access = "access-b";
49+refresh = "refresh-b";
4850expires = 2;
4951const second = await resolveCliAuthEpoch({ provider: "claude-cli" });
50525153expect(first).toBeDefined();
5254expect(second).toBe(first);
5355});
545655-it("changes claude cli oauth epochs when the refresh token changes", async () => {
56-let refresh = "refresh-a";
57+it("changes claude cli token epochs when the static token changes", async () => {
58+let token = "token-a";
5759setCliAuthEpochTestDeps({
5860readClaudeCliCredentialsCached: () => ({
59-type: "oauth",
61+type: "token",
6062provider: "anthropic",
61-access: "access",
62- refresh,
63+ token,
6364expires: 1,
6465}),
6566});
66676768const first = await resolveCliAuthEpoch({ provider: "claude-cli" });
68-refresh = "refresh-b";
69+token = "token-b";
6970const second = await resolveCliAuthEpoch({ provider: "claude-cli" });
70717172expect(first).toBeDefined();
7273expect(second).toBeDefined();
7374expect(second).not.toBe(first);
7475});
757676-it("keeps oauth auth-profile epochs stable across access-token refreshes", async () => {
77+it("keeps oauth auth-profile epochs stable across token refreshes", async () => {
7778let store: AuthProfileStore = {
7879version: 1,
7980profiles: {
8081"anthropic:work": {
8182type: "oauth",
8283provider: "anthropic",
8384access: "access-a",
84-refresh: "refresh",
85+refresh: "refresh-a",
8586expires: 1,
87+email: "user@example.com",
8688},
8789},
8890};
@@ -101,8 +103,9 @@ describe("resolveCliAuthEpoch", () => {
101103type: "oauth",
102104provider: "anthropic",
103105access: "access-b",
104-refresh: "refresh",
106+refresh: "refresh-b",
105107expires: 2,
108+email: "user@example.com",
106109},
107110},
108111};
@@ -115,16 +118,17 @@ describe("resolveCliAuthEpoch", () => {
115118expect(second).toBe(first);
116119});
117120118-it("changes oauth auth-profile epochs when the refresh token changes", async () => {
121+it("changes oauth auth-profile epochs when the account identity changes", async () => {
119122let store: AuthProfileStore = {
120123version: 1,
121124profiles: {
122125"anthropic:work": {
123126type: "oauth",
124127provider: "anthropic",
125128access: "access",
126-refresh: "refresh-a",
129+refresh: "refresh",
127130expires: 1,
131+email: "user-a@example.com",
128132},
129133},
130134};
@@ -143,8 +147,9 @@ describe("resolveCliAuthEpoch", () => {
143147type: "oauth",
144148provider: "anthropic",
145149access: "access",
146-refresh: "refresh-b",
150+refresh: "refresh",
147151expires: 1,
152+email: "user-b@example.com",
148153},
149154},
150155};
@@ -162,14 +167,16 @@ describe("resolveCliAuthEpoch", () => {
162167let access = "local-access-a";
163168let localRefresh = "local-refresh-a";
164169let refresh = "profile-refresh-a";
170+let accountId = "acct-1";
171+let email = "user-a@example.com";
165172setCliAuthEpochTestDeps({
166173readCodexCliCredentialsCached: () => ({
167174type: "oauth",
168175provider: "openai-codex",
169176 access,
170177refresh: localRefresh,
171178expires: 1,
172-accountId: "acct-1",
179+ accountId,
173180}),
174181loadAuthProfileStoreForRuntime: () => ({
175182version: 1,
@@ -180,6 +187,7 @@ describe("resolveCliAuthEpoch", () => {
180187access: "profile-access",
181188 refresh,
182189expires: 1,
190+ email,
183191},
184192},
185193}),
@@ -204,18 +212,31 @@ describe("resolveCliAuthEpoch", () => {
204212provider: "codex-cli",
205213authProfileId: "openai:work",
206214});
215+accountId = "acct-2";
216+const fifth = await resolveCliAuthEpoch({
217+provider: "codex-cli",
218+authProfileId: "openai:work",
219+});
220+email = "user-b@example.com";
221+const sixth = await resolveCliAuthEpoch({
222+provider: "codex-cli",
223+authProfileId: "openai:work",
224+});
207225208226expect(first).toBeDefined();
209-expect(third).toBeDefined();
210-expect(fourth).toBeDefined();
211227expect(second).toBe(first);
212-expect(third).not.toBe(second);
213-expect(fourth).not.toBe(third);
228+expect(third).toBe(second);
229+expect(fourth).toBe(third);
230+expect(fifth).toBeDefined();
231+expect(sixth).toBeDefined();
232+expect(fifth).not.toBe(fourth);
233+expect(sixth).not.toBe(fifth);
214234});
215235216236it("can ignore local codex state when the backend is profile-owned", async () => {
217237let localAccess = "local-access-a";
218238let profileRefresh = "profile-refresh-a";
239+let profileAccountId = "acct-1";
219240setCliAuthEpochTestDeps({
220241readCodexCliCredentialsCached: () => ({
221242type: "oauth",
@@ -234,7 +255,7 @@ describe("resolveCliAuthEpoch", () => {
234255access: "profile-access",
235256refresh: profileRefresh,
236257expires: 1,
237-accountId: "acct-1",
258+accountId: profileAccountId,
238259},
239260},
240261}),
@@ -257,10 +278,17 @@ describe("resolveCliAuthEpoch", () => {
257278authProfileId: "openai-codex:default",
258279skipLocalCredential: true,
259280});
281+profileAccountId = "acct-2";
282+const fourth = await resolveCliAuthEpoch({
283+provider: "codex-cli",
284+authProfileId: "openai-codex:default",
285+skipLocalCredential: true,
286+});
260287261288expect(first).toBeDefined();
262289expect(second).toBe(first);
263-expect(third).toBeDefined();
264-expect(third).not.toBe(second);
290+expect(third).toBe(second);
291+expect(fourth).toBeDefined();
292+expect(fourth).not.toBe(third);
265293});
266294});
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。