fix(#411): QA-010 — fix minor JSDoc and comment issues across auth files

Fix response.ok JSDoc (2xx not 200), remove stale token refresh claim, remove non-actionable comment, fix CSRF comment placement, add 403 mapping rationale. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 13:50:04 -06:00
parent e600cfd2d0
commit 27c4c8edf3
5 changed files with 13 additions and 15 deletions
--- a/apps/web/src/lib/auth/auth-errors.ts
+++ b/apps/web/src/lib/auth/auth-errors.ts
@@ -71,6 +71,7 @@ function isHttpResponseLike(value: unknown): value is { status: number } {
 * Map an HTTP status code to an {@link AuthErrorCode}.
 */
 function httpStatusToCode(status: number): AuthErrorCode {
+  // In auth context, both 401 and 403 indicate the user should re-authenticate
  if (status === 401 || status === 403) {
    return "invalid_credentials";
  }