




























@@ -28,7 +28,7 @@ const {
2828 formatProviderAuthProfileApiKeyWithPluginMock,
2929} = getOAuthProviderRuntimeMocks();
303031-function expectPersistedOpenAICodexProfileWithoutInlineTokens(
31+function expectPersistedOpenAICodexProfile(
3232credential: AuthProfileStore["profiles"][string],
3333metadata: Record<string, unknown> = {},
3434): void {
@@ -37,9 +37,6 @@ function expectPersistedOpenAICodexProfileWithoutInlineTokens(
3737for (const [key, value] of Object.entries(metadata)) {
3838expect((credential as Record<string, unknown> | undefined)?.[key]).toEqual(value);
3939}
40-expect(credential).not.toHaveProperty("access");
41-expect(credential).not.toHaveProperty("refresh");
42-expect(credential).not.toHaveProperty("idToken");
4340}
44414542function requireOAuthCredential(store: AuthProfileStore, profileId: string): OAuthCredential {
@@ -99,7 +96,7 @@ describe("resolveApiKeyForProfile OAuth refresh mirror-to-main (#26322)", () =>
9996await removeOAuthTestTempRoot(tempRoot);
10097});
10198102-it("mirrors refreshed Codex OAuth metadata into the main store without inline tokens", async () => {
99+it("mirrors refreshed Codex OAuth credentials into the main store", async () => {
103100const profileId = "openai-codex:default";
104101const provider = "openai-codex";
105102const accountId = "acct-shared";
@@ -135,12 +132,12 @@ describe("resolveApiKeyForProfile OAuth refresh mirror-to-main (#26322)", () =>
135132const mainRaw = JSON.parse(
136133await fs.readFile(path.join(mainAgentDir, "auth-profiles.json"), "utf8"),
137134) as AuthProfileStore;
138-expectPersistedOpenAICodexProfileWithoutInlineTokens(mainRaw.profiles[profileId], {
135+expectPersistedOpenAICodexProfile(mainRaw.profiles[profileId], {
136+access: "sub-refreshed-access",
137+refresh: "sub-refreshed-refresh",
139138expires: freshExpiry,
140139 accountId,
141140});
142-expect(JSON.stringify(mainRaw)).not.toContain("sub-refreshed-access");
143-expect(JSON.stringify(mainRaw)).not.toContain("sub-refreshed-refresh");
144141});
145142146143it("does not mirror when refresh was performed from the main agent itself", async () => {
@@ -177,11 +174,11 @@ describe("resolveApiKeyForProfile OAuth refresh mirror-to-main (#26322)", () =>
177174const mainRaw = JSON.parse(
178175await fs.readFile(path.join(mainAgentDir, "auth-profiles.json"), "utf8"),
179176) as AuthProfileStore;
180-expectPersistedOpenAICodexProfileWithoutInlineTokens(mainRaw.profiles[profileId], {
177+expectPersistedOpenAICodexProfile(mainRaw.profiles[profileId], {
178+access: "main-refreshed-access",
179+refresh: "main-refreshed-refresh",
181180expires: freshExpiry,
182181});
183-expect(JSON.stringify(mainRaw)).not.toContain("main-refreshed-access");
184-expect(JSON.stringify(mainRaw)).not.toContain("main-refreshed-refresh");
185182expect(refreshProviderOAuthCredentialWithPluginMock).toHaveBeenCalledTimes(1);
186183});
187184@@ -349,22 +346,22 @@ describe("resolveApiKeyForProfile OAuth refresh mirror-to-main (#26322)", () =>
349346const subRaw = JSON.parse(
350347await fs.readFile(path.join(subAgentDir, "auth-profiles.json"), "utf8"),
351348) as AuthProfileStore;
352-expectPersistedOpenAICodexProfileWithoutInlineTokens(subRaw.profiles[profileId], {
349+expectPersistedOpenAICodexProfile(subRaw.profiles[profileId], {
350+access: "local-stale-access",
351+refresh: "local-stale-refresh",
353352expires: now - 120_000,
354353 accountId,
355354});
356-expect(JSON.stringify(subRaw)).not.toContain("local-stale-access");
357-expect(JSON.stringify(subRaw)).not.toContain("local-stale-refresh");
358355359356const mainRaw = JSON.parse(
360357await fs.readFile(path.join(mainAgentDir, "auth-profiles.json"), "utf8"),
361358) as AuthProfileStore;
362-expectPersistedOpenAICodexProfileWithoutInlineTokens(mainRaw.profiles[profileId], {
359+expectPersistedOpenAICodexProfile(mainRaw.profiles[profileId], {
360+access: "main-owner-refreshed-access",
361+refresh: "main-owner-refreshed-refresh",
363362expires: freshExpiry,
364363 accountId,
365364});
366-expect(JSON.stringify(mainRaw)).not.toContain("main-owner-refreshed-access");
367-expect(JSON.stringify(mainRaw)).not.toContain("main-owner-refreshed-refresh");
368365});
369366370367it("inherits main-agent credentials via the catch-block fallback when refresh throws after main becomes fresh", async () => {
@@ -432,10 +429,11 @@ describe("resolveApiKeyForProfile OAuth refresh mirror-to-main (#26322)", () =>
432429const subRaw = JSON.parse(
433430await fs.readFile(path.join(subAgentDir, "auth-profiles.json"), "utf8"),
434431) as AuthProfileStore;
435-expectPersistedOpenAICodexProfileWithoutInlineTokens(subRaw.profiles[profileId], {
432+expectPersistedOpenAICodexProfile(subRaw.profiles[profileId], {
433+access: "cached-access-token",
434+refresh: "refresh-token",
436435accountId: "acct-shared",
437436});
438-expect(JSON.stringify(subRaw)).not.toContain("cached-access-token");
439437});
440438441439it("does not satisfy forced refresh from unchanged main-agent credentials after refresh fails", async () => {
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。