Deprecate and remove the type: oauth and type: keycloak APIs
#175
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jakub Scholz <www@scholzj.com>
scholzj
requested review from
Frawless,
PaulRMellor,
im-konge,
katheris,
mstruk,
ppatierno,
samuel-hawker,
see-quick,
sknot-rh and
tombentley
scholzj
changed the title
type: oauth and type: keycloak APIstype: oauth and type: keycloak APIs
8 tasks
tinaselenge
approved these changes
Sep 11, 2025
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
im-konge
approved these changes
Sep 11, 2025
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
see-quick
approved these changes
Sep 11, 2025
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
PaulRMellor
approved these changes
Sep 11, 2025
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
|
|
||
| This proposal suggests deprecating the `type: oauth` authentication and `type: keycloak` authorization from the Strimzi API and its removal in the [Strimzi `v1` CRD API](https://github.com/strimzi/proposals/pull/174). | ||
| The APIs will be replaced by `type: custom` authentication and authorization. | ||
| This proposal does not propose deprecating the Strimzi OAuth library subproject or not bundling it with the Strimzi container images. |
There was a problem hiding this comment.
should we comment here on the anticipated future of the project in terms of maintenance?
There was a problem hiding this comment.
I added a note that the development and maintenance of the OAuth project continues as before.
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
| ### Documentation | ||
|
|
||
| The examples of using the `type: custom` configuration will be added to the documentation. | ||
| The existing documentation using the OAuth APIs should be removed while ensuring the things it covers are well documented in the OAuth library documentation/README. |
There was a problem hiding this comment.
Are we removing at deprecation phase or when we drop support as v1?
Would we need to consider any migration guidance?
There was a problem hiding this comment.
I think we should remove it right with the deprecation to not have new users start using it. We should also have some simple migration guide -> i.e. not covering every single option, just some high level pointing to the OAuth README for the more detailed docs on all options. I updated the proposal with it.
There was a problem hiding this comment.
The users having to manually migrate their configurations seems like a potential problem for users. We should maybe document a mapping table how each config option in Strimzi maps to the JAAS config parameter, e.g. clientId -> oauth.client.id
There was a problem hiding this comment.
That would make sense I guess, yes. I added the mapping table to the proposal.
113-deprecate-and-remove-oauth-authentication-and-authorization.md
Outdated
Show resolved
Hide resolved
Co-authored-by: PaulRMellor <47596553+PaulRMellor@users.noreply.github.com> Co-authored-by: Lukáš Král <53821852+im-konge@users.noreply.github.com> Co-authored-by: Maros Orsak <maros.orsak159@gmail.com> Signed-off-by: Jakub Scholz <www@scholzj.com>
Signed-off-by: Jakub Scholz <www@scholzj.com>
mstruk
approved these changes
Sep 12, 2025
Signed-off-by: Jakub Scholz <www@scholzj.com>
|
This proposal has now 4 binding and 2 non-binding +1 votes. I will keep it open until Tuesday EOB to see if there are any more comments. |
Frawless
approved these changes
Sep 16, 2025
Signed-off-by: Jakub Scholz <www@scholzj.com>
im-konge
added a commit
to im-konge/proposals
that referenced
this pull request
Sep 19, 2025
…imzi#175) * Deprecated the type: oauth and type: keycloak APIs Signed-off-by: Jakub Scholz <www@scholzj.com> * Apply suggestions from code review Co-authored-by: PaulRMellor <47596553+PaulRMellor@users.noreply.github.com> Co-authored-by: Lukáš Král <53821852+im-konge@users.noreply.github.com> Co-authored-by: Maros Orsak <maros.orsak159@gmail.com> Signed-off-by: Jakub Scholz <www@scholzj.com> * Review comments LK, PM, TS Signed-off-by: Jakub Scholz <www@scholzj.com> * Review comments MS Signed-off-by: Jakub Scholz <www@scholzj.com> * Update index Signed-off-by: Jakub Scholz <www@scholzj.com> --------- Signed-off-by: Jakub Scholz <www@scholzj.com> Co-authored-by: PaulRMellor <47596553+PaulRMellor@users.noreply.github.com> Co-authored-by: Lukáš Král <53821852+im-konge@users.noreply.github.com> Co-authored-by: Maros Orsak <maros.orsak159@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This proposal suggests deprecating the
type: oauthauthentication andtype: keycloakauthorization from the Strimzi API and its removal in the Strimziv1CRD API. The APIs will be replaced bytype: customauthentication and authorization. This proposal does not propose deprecating the Strimzi OAuth library subproject or not bundling it with the Strimzi container images.