unable to overwrite password on Windows due to roaming changes

[emusgrave]

Prerequisites

• [X] Put an X between the brackets on this line if you have done all of the following:

Description

Existing credentials that were saved on Windows with Local persistence (pre-5.0 of this library) are not overwritten/replaced by new Enterprise credentials. So, my app continued to load old credentials and I had no way to update them until I manually removed the old credential record using the Windows Credential Manager.

Steps to Reproduce

1. Save a credential using a pre-5.0 build
2. Upgrade to the latest
3. Save a credential using the same app id/username as in step #1, but different password
4. Load the password and note that it is the same password that was saved in step #1

Additional Information

Using Windows 10

[shiftkey]

@emusgrave thanks for the report! Can you confirm whether or not the user seeing this issue has roaming user profiles enabled? I don't have the setup available to test this quickly, but it'd be good to know what state the account is in to better understand this behaviour.

[emusgrave]

It's a domain-joined account, but not using Roaming Profiles.

I realize it would make the API messy for the other platforms, but it might be worth considering making the credential type an option instead of forcing it to one or the other.

[mchernov]

@shiftkey @emusgrave We've hit the exact same issue after updating keytar from v4 to v6 and for ~10-15% of users the same issue happened where old credentials couldn't be overwritten nor deleted even though the api returned success. Happening on windows only.

Update: reverted to v4 and the issue is gone. Any idea what change between v4 and v6 could cause this to happen only on Windows? Can it be persistence level?