jeffy-mathew commented 4 weeks ago

User description

6657

User description

Description

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

[ ] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)
[ ] Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

[ ] I ensured that the documentation is up to date
[ ] I explained why this PR updates go.mod in detail with reasoning why it's required
[ ] I would like a code coverage CI quality gate exception and have explained why

PR Type

enhancement, documentation

Description

Added a deprecation notice for the external OAuth middleware in the EnabledForSpec function.
Warned users that support for this middleware will be deprecated starting from version 5.7.0.
Recommended using JSON Web Token (JWT) instead and provided a link to the documentation for guidance.

Changes walkthrough 📝

Relevant files

Enhancement

mw_external_oauth.go

Add deprecation warning for external OAuth middleware

gateway/mw_external_oauth.go

Added a deprecation warning for the external OAuth middleware.

Suggested using JSON Web Token (JWT) as an alternative.

Provided a link to the relevant documentation for more information.

+4/-0

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

Description

Related Issue

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

[ ] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)
[ ] Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

[ ] I ensured that the documentation is up to date
[ ] I explained why this PR updates go.mod in detail with reasoning why it's required
[ ] I would like a code coverage CI quality gate exception and have explained why

PR Type

Enhancement, Documentation

Description

Added a deprecation notice for the external OAuth middleware across multiple files.
Warned users that support for this middleware will be deprecated starting from version 5.7.0.
Recommended using JSON Web Token (JWT) instead and provided a link to the documentation for guidance.
Updated the EnabledForSpec function to log a warning if the deprecated middleware is enabled.

Changes walkthrough 📝

Relevant files

Documentation

api_definitions.go `Add deprecation notice for ExternalOAuth in api_definitions.go` apidef/api_definitions.go Added a deprecation notice for `ExternalOAuth`. Recommended using JSON Web Token (JWT) instead. Provided a link to the relevant documentation.	+3/-0
security.go `Add deprecation notice for ExternalOAuth in security.go` apidef/oas/security.go Added a deprecation notice for `ExternalOAuth`. Recommended using JSON Web Token (JWT) instead. Provided a link to the relevant documentation.	+3/-0
x-tyk-api-gateway.json `Add deprecation notice for external OAuth in JSON schema` apidef/oas/schema/x-tyk-api-gateway.json Added a deprecation notice for external OAuth middleware. Recommended using JSON Web Token (JWT) instead. Provided a link to the relevant documentation.	+1/-0

Enhancement

mw_external_oauth.go

Add deprecation warning for external OAuth middleware

gateway/mw_external_oauth.go

Added a warning log for deprecated external OAuth middleware.

Recommended using JSON Web Token (JWT) instead.

Provided a link to the relevant documentation.

+4/-0

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

github-actions[bot] commented 4 weeks ago

API Changes

--- prev.txt    2024-10-31 14:12:59.614881118 +0000
+++ current.txt 2024-10-31 14:12:56.722850500 +0000
@@ -1196,6 +1196,10 @@
    Enabled   bool       `bson:"enabled" json:"enabled"`
    Providers []Provider `bson:"providers" json:"providers"`
 }
+    ExternalOAuth support will be deprecated starting from
+    5.7.0. To avoid any disruptions, we recommend that
+    you use JSON Web Token (JWT) instead, as explained in
+    https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/ext-oauth-middleware/.

 type GWStats struct {
    APIsCount     int `json:"apis_count"`
@@ -2907,7 +2911,11 @@
    // Providers is used to configure OAuth providers.
    Providers []OAuthProvider `bson:"providers" json:"providers"` // required
 }
-    ExternalOAuth holds configuration for an external OAuth provider.
+    ExternalOAuth holds configuration for an external OAuth
+    provider. ExternalOAuth support will be deprecated starting
+    from 5.7.0. To avoid any disruptions, we recommend that
+    you use JSON Web Token (JWT) instead, as explained in
+    https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/ext-oauth-middleware/.

 type ExtractCredentialsFromBody struct {
    // Enabled activates extracting credentials from body.

github-actions[bot] commented 4 weeks ago

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

**🎫 Ticket compliance analysis ✅** **[6657](https://github.com/TykTechnologies/tyk/issues/6657) - Fully compliant** Fully compliant requirements: - Add a deprecation notice for the external OAuth middleware. - Warn users that support for this middleware will be deprecated starting from version 5.7.0. - Recommend using JSON Web Token (JWT) instead and provide a link to the documentation for guidance.

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review

Deprecation Warning
Ensure that the deprecation warning is logged only once or under specific conditions to avoid excessive logging.

github-actions[bot] commented 4 weeks ago

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Best practice	Reduce log clutter by logging the deprecation warning once during initialization ___ Instead of logging a warning every time the `EnabledForSpec` method is called, consider logging this deprecation warning only once during the initialization or configuration loading phase to reduce log clutter. [gateway/mw_external_oauth.go [41-43]](https://github.com/TykTechnologies/tyk/pull/6688/files#diff-49758921227a3506a0c29936c58d02fbc8829d140acb5730de55f6621823a82cR41-R43) ```diff -if k.Spec.ExternalOAuth.Enabled { - log.Warn("Support for external OAuth Middleware will be deprecated starting from 5.7.0. To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead, as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/ext-oauth-middleware/") -} +// This warning should be logged once during initialization ``` Suggestion importance[1-10]: 7 Why: The suggestion to log the deprecation warning only once during initialization is a good practice to reduce log clutter and improve performance. It is relevant and accurate, as logging the warning every time the method is called could lead to excessive and redundant log entries.	7