[Cyberduck-trac] [Cyberduck] #11699: Improve Windows Credential Manager support

Cyberduck trac at cyberduck.io
Mon Jun 7 13:29:43 UTC 2021

#11699: Improve Windows Credential Manager support
    Reporter:  jmalek       |      Owner:  jmalek
        Type:  enhancement  |     Status:  new
    Priority:  normal       |  Milestone:
   Component:  interface    |    Version:  7.9.2
    Severity:  normal       |   Keywords:
Architecture:               |   Platform:  Windows 7
 Current Windows Credential Manager implementation splits OAuth Access and
 Refresh Token into two separate entries in Windows Credential Manager -
 this should ideally be one single entry.

 Windows Credential Manager [https://docs.microsoft.com/en-
 us/windows/win32/api/wincred/ns-wincred-credentiala limits passwords] to
 be max size of CRED_MAX_CREDENTIAL_BLOB_SIZE (512) bytes - this is
 problematic as AAD OAuth tokens easily exceed 512 Bytes.

 Leverage use of [https://docs.microsoft.com/en-
 CredentialAttribute] which allows page sizes of CRED_MAX_VALUE_SIZE (256)
 bytes, with up to CRED_MAX_ATTRIBUTES (64) pages - this would allow
 storing 16 KiB of data in a Windows Credential Manager-entry - resulting
 in one entry per OAuth Access/Refresh-Token. Additional metadata can be
 stored as well (token expiry) as this is currently not handled correctly.

 For this to work we rely on the CSWin32- and Win32Metadata-projects to
 leave Preview (Win32Metadata) and Beta (CSWin32) state and release a
 stable build.

Ticket URL: <https://trac.cyberduck.io/ticket/11699>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list