fix: remove handle_auth_callback from invoke_handler
The auth callback is handled exclusively via the deep-link handler in lib.rs — exposing it as a JS-invocable command is unnecessary attack surface. The frontend listens for auth-callback-success/error events instead. Plaintext token storage documented as known limitation (see #66). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
le king fu
parent
60b995394e
commit
e314bbe1e3
2 changed files with 0 additions and 5 deletions
|
|
@ -157,7 +157,6 @@ pub fn run() {
|
||||||
commands::list_activated_machines,
|
commands::list_activated_machines,
|
||||||
commands::get_activation_status,
|
commands::get_activation_status,
|
||||||
commands::start_oauth,
|
commands::start_oauth,
|
||||||
commands::handle_auth_callback,
|
|
||||||
commands::refresh_auth_token,
|
commands::refresh_auth_token,
|
||||||
commands::get_account_info,
|
commands::get_account_info,
|
||||||
commands::check_subscription_status,
|
commands::check_subscription_status,
|
||||||
|
|
|
||||||
|
|
@ -11,10 +11,6 @@ export async function startOAuth(): Promise<string> {
|
||||||
return invoke<string>("start_oauth");
|
return invoke<string>("start_oauth");
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function handleAuthCallback(code: string): Promise<AccountInfo> {
|
|
||||||
return invoke<AccountInfo>("handle_auth_callback", { code });
|
|
||||||
}
|
|
||||||
|
|
||||||
export async function refreshAuthToken(): Promise<AccountInfo> {
|
export async function refreshAuthToken(): Promise<AccountInfo> {
|
||||||
return invoke<AccountInfo>("refresh_auth_token");
|
return invoke<AccountInfo>("refresh_auth_token");
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue