diff options
Diffstat (limited to 'docs/oauth-provider-auth.md')
| -rw-r--r-- | docs/oauth-provider-auth.md | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/docs/oauth-provider-auth.md b/docs/oauth-provider-auth.md index 268c7e9..ab11cf8 100644 --- a/docs/oauth-provider-auth.md +++ b/docs/oauth-provider-auth.md @@ -38,7 +38,7 @@ Core should own: - loading and validating named auth blocks - API-key resolution from literal config or environment - OAuth login flows -- token persistence under `$PANTO_HOME` +- token persistence under the panto data home - refresh-before-turn with an expiry margin - refresh-after-401/403 with one retry - final request-header injection @@ -405,7 +405,7 @@ If Lua still needs HTTP later, expose a separate `panto.http` wrapper. ### C4. Token storage -Store under `$PANTO_HOME/auth/<name>.json` initially: +Store under `<data home>/auth/<name>.json` initially: ```json { @@ -503,7 +503,7 @@ provider must name an `[auth.<name>]` session via `auth = "<name>"`; provider-level `api_key`/`api_key_env_var` are gone. Resolved decisions for the open questions above: `auth` is required for networked providers; Codex device auth is a `dialect = "codex"` variant of the generic `oauth_device` type; -keychain storage is deferred (file-backed `$PANTO_HOME/auth/<name>.json`, +keychain storage is deferred (file-backed `<data home>/auth/<name>.json`, owner-only `0600`). The `[auth.<name>]` schema is deliberately flat and minimal: |
