Stop attempting to refresh Spring tokens in desktop (#5610)

# Description of Changes

<!--
Please provide a summary of the changes, including:

- What was changed
- Why the change was made
- Any challenges encountered

Closes #(issue_number)
-->

---

## Checklist

### General

- [ ] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [ ] I have performed a self-review of my own code
- [ ] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)

### Translations (if applicable)

- [ ] I ran
[`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.

---------

Co-authored-by: James Brunton <[email protected]>
This commit is contained in:
Anthony Stirling
2026-01-31 20:28:59 +00:00
committed by GitHub
co-authored by James Brunton
parent 36358fc139
commit 2ae413c5ea
6 changed files with 309 additions and 54 deletions
+114
View File
@@ -11,8 +11,11 @@ use rand::distributions::Alphanumeric;
const STORE_FILE: &str = "connection.json";
const USER_INFO_KEY: &str = "user_info";
const TOKENS_STORE_FILE: &str = "tokens.json";
const REFRESH_TOKEN_STORE_KEY: &str = "refresh_token";
const KEYRING_SERVICE: &str = "stirling-pdf";
const KEYRING_TOKEN_KEY: &str = "auth-token";
const KEYRING_REFRESH_TOKEN_KEY: &str = "refresh-token";
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct UserInfo {
@@ -31,6 +34,11 @@ fn get_keyring_entry() -> Result<Entry, String> {
Ok(entry)
}
fn get_refresh_token_keyring_entry() -> Result<Entry, String> {
Entry::new(KEYRING_SERVICE, KEYRING_REFRESH_TOKEN_KEY)
.map_err(|e| format!("Failed to access keyring: {}", e))
}
#[tauri::command]
pub async fn save_auth_token(_app_handle: AppHandle, token: String) -> Result<(), String> {
let trimmed = token.trim();
@@ -101,6 +109,112 @@ pub async fn clear_auth_token(_app_handle: AppHandle) -> Result<(), String> {
}
}
#[tauri::command]
pub async fn save_refresh_token(app_handle: AppHandle, token: String) -> Result<(), String> {
log::info!("Saving refresh token - trying keyring first");
let entry = get_refresh_token_keyring_entry()?;
// Try keyring (works in production with code signing)
match entry.set_password(&token) {
Ok(_) => {
// Verify it persists (fails in unsigned dev builds)
match entry.get_password() {
Ok(saved) if saved == token => {
log::info!("✅ Refresh token saved to keyring (production mode)");
return Ok(());
}
_ => {
log::info!("Keyring doesn't persist - using Tauri Store fallback (dev mode)");
}
}
}
Err(e) => {
log::info!("Keyring failed: {} - using Tauri Store fallback", e);
}
}
// Fallback to Tauri Store (dev mode without code signing)
let store = app_handle
.store(TOKENS_STORE_FILE)
.map_err(|e| format!("Failed to access tokens store: {}", e))?;
store.set(
REFRESH_TOKEN_STORE_KEY,
serde_json::to_value(&token)
.map_err(|e| format!("Failed to serialize token: {}", e))?,
);
store
.save()
.map_err(|e| format!("Failed to save tokens store: {}", e))?;
log::info!("✅ Refresh token saved to Tauri Store (fallback)");
Ok(())
}
#[tauri::command]
pub async fn get_refresh_token(app_handle: AppHandle) -> Result<Option<String>, String> {
// Try keyring first (production)
let entry = get_refresh_token_keyring_entry()?;
match entry.get_password() {
Ok(token) => {
log::info!("✅ Refresh token retrieved from keyring");
return Ok(Some(token));
}
Err(keyring::Error::NoEntry) => {
log::debug!("No token in keyring, trying Tauri Store");
}
Err(e) => {
log::warn!("Keyring error: {} - trying Tauri Store", e);
}
}
// Fallback to Tauri Store (dev)
let store = app_handle
.store(TOKENS_STORE_FILE)
.map_err(|e| format!("Failed to access tokens store: {}", e))?;
let token: Option<String> = store
.get(REFRESH_TOKEN_STORE_KEY)
.and_then(|v| serde_json::from_value(v.clone()).ok());
if token.is_some() {
log::info!("✅ Refresh token retrieved from Tauri Store");
} else {
log::info!("No refresh token found");
}
Ok(token)
}
#[tauri::command]
pub async fn clear_refresh_token(app_handle: AppHandle) -> Result<(), String> {
log::info!("Clearing refresh token from all storage");
// Clear from keyring
let entry = get_refresh_token_keyring_entry()?;
match entry.delete_credential() {
Ok(_) => log::info!("Cleared from keyring"),
Err(keyring::Error::NoEntry) => log::debug!("Not in keyring"),
Err(e) => log::warn!("Keyring clear error: {}", e),
}
// Clear from Tauri Store
let store = app_handle
.store(TOKENS_STORE_FILE)
.map_err(|e| format!("Failed to access tokens store: {}", e))?;
store.delete(REFRESH_TOKEN_STORE_KEY);
store
.save()
.map_err(|e| format!("Failed to save tokens store: {}", e))?;
log::info!("✅ Refresh token cleared");
Ok(())
}
#[tauri::command]
pub async fn save_user_info(
app_handle: AppHandle,
+3
View File
@@ -14,11 +14,14 @@ pub use connection::{
};
pub use auth::{
clear_auth_token,
clear_refresh_token,
clear_user_info,
get_auth_token,
get_refresh_token,
get_user_info,
login,
save_auth_token,
save_refresh_token,
save_user_info,
start_oauth_login,
};
+6
View File
@@ -9,17 +9,20 @@ use commands::{
cleanup_backend,
clear_auth_token,
clear_opened_files,
clear_refresh_token,
clear_user_info,
is_default_pdf_handler,
get_auth_token,
get_backend_port,
get_connection_config,
get_opened_files,
get_refresh_token,
get_user_info,
is_first_launch,
login,
reset_setup_completion,
save_auth_token,
save_refresh_token,
save_user_info,
set_connection_mode,
set_as_default_pdf_handler,
@@ -143,6 +146,9 @@ pub fn run() {
save_auth_token,
get_auth_token,
clear_auth_token,
save_refresh_token,
get_refresh_token,
clear_refresh_token,
save_user_info,
get_user_info,
clear_user_info,