[Cyberduck-trac] [Cyberduck] #11699: Improve Windows Credential Manager support
Cyberduck
trac at cyberduck.io
Mon Jun 7 13:29:43 UTC 2021
#11699: Improve Windows Credential Manager support
----------------------------+-----------------------
Reporter: jmalek | Owner: jmalek
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: interface | Version: 7.9.2
Severity: normal | Keywords:
Architecture: | Platform: Windows 7
----------------------------+-----------------------
Current Windows Credential Manager implementation splits OAuth Access and
Refresh Token into two separate entries in Windows Credential Manager -
this should ideally be one single entry.
Windows Credential Manager [https://docs.microsoft.com/en-
us/windows/win32/api/wincred/ns-wincred-credentiala limits passwords] to
be max size of CRED_MAX_CREDENTIAL_BLOB_SIZE (512) bytes - this is
problematic as AAD OAuth tokens easily exceed 512 Bytes.
Leverage use of [https://docs.microsoft.com/en-
us/windows/win32/api/wincred/ns-wincred-credential_attributea
CredentialAttribute] which allows page sizes of CRED_MAX_VALUE_SIZE (256)
bytes, with up to CRED_MAX_ATTRIBUTES (64) pages - this would allow
storing 16 KiB of data in a Windows Credential Manager-entry - resulting
in one entry per OAuth Access/Refresh-Token. Additional metadata can be
stored as well (token expiry) as this is currently not handled correctly.
For this to work we rely on the CSWin32- and Win32Metadata-projects to
leave Preview (Win32Metadata) and Beta (CSWin32) state and release a
stable build.
--
Ticket URL: <https://trac.cyberduck.io/ticket/11699>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list