Recently-rejected OAuth state values mapped to a user-facing message. Bridges the gap
between in-process cancellation/timeout and the user's browser, which may still have the
OAuth tab open and arrive at the callback path seconds later; without this cache the late
callback would render a generic "Unknown or expired OAuth state" message instead of the
real reason the flow ended.

Each entry has a TTL of MCP_OAUTH_CALLBACK_TIMEOUT via rejectedTimers. The
additional FIFO cap (by Map insertion order, bounded by MCP_OAUTH_REJECTED_CALLBACK_LIMIT)
is a backstop in case a burst of cancellations outpaces those timers. FIFO is preferred over
LRU because each entry is consumed at most once and recency of insertion is what predicts
whether a browser callback will still arrive.
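
A sketch of the cache described above, as an added example that is not the project's own code: the class and method names and both constant values are assumptions, with only MCP_OAUTH_CALLBACK_TIMEOUT, MCP_OAUTH_REJECTED_CALLBACK_LIMIT and rejectedTimers taken from the text. It shows the TTL timer, the FIFO backstop by Map insertion order, and consume-at-most-once behaviour.

```javascript
// Added example: hypothetical names and constructed values, not the project's code.
const MCP_OAUTH_CALLBACK_TIMEOUT = 5 * 60 * 1000; // assumed value (ms)
const MCP_OAUTH_REJECTED_CALLBACK_LIMIT = 3;      // assumed value, small for the demo

class RejectedStateCache {
  constructor(ttlMs = MCP_OAUTH_CALLBACK_TIMEOUT, limit = MCP_OAUTH_REJECTED_CALLBACK_LIMIT) {
    this.ttlMs = ttlMs;
    this.limit = limit;
    this.rejected = new Map();       // state -> user-facing message, in insertion order
    this.rejectedTimers = new Map(); // state -> TTL timer handle
  }

  // Record why a flow ended so a late browser callback can show the real reason.
  reject(state, message) {
    this.drop(state); // re-inserting moves the state to the newest position
    this.rejected.set(state, message);
    const timer = setTimeout(() => this.drop(state), this.ttlMs);
    if (typeof timer.unref === "function") timer.unref(); // do not keep the process alive
    this.rejectedTimers.set(state, timer);
    // FIFO backstop: Map iterates in insertion order, so the first key is the oldest.
    while (this.rejected.size > this.limit) {
      this.drop(this.rejected.keys().next().value);
    }
  }

  // Called from the callback path: returns the message at most once per state.
  consume(state) {
    const message = this.rejected.get(state);
    this.drop(state);
    return message; // undefined -> render the generic "Unknown or expired OAuth state"
  }

  // Remove an entry and its timer together so neither map can outgrow the other.
  drop(state) {
    clearTimeout(this.rejectedTimers.get(state));
    this.rejectedTimers.delete(state);
    return this.rejected.delete(state);
  }
}
```

The lookup key comes from the callback request, so the cache only ever returns server-authored messages on an exact match; the state value itself is never echoed back.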