Closed JU-2094 closed 8 months ago
Discussed on 11/16 meeting.
This was changed to add a new enum value unknown
.
Reasons:
The attributes defined in this document have no official standing and might be changed, or removed, at any time. As such, inclusion of an attribute in this document does not need to meet the same level of maturity, or popularity, as attributes defined in the CloudEvents specification.
For the recently added extension Auth Context /extensions/authcontext.md the attribute of
authtype
is the only one marked as REQUIRED in the constraints.The key principle here is that authtype classification results should be predictable and should not change. However, for some cases the type is preferred to be
unknown
when we can't determine reliable. The main concern we have is howauthtype
classifications might change when we are able to classify the request in the future. As a result if we change fromunknown
toapp_user
it is a "breaking" change for API consumers. Since their code may build business logic based on authtype results.This is the reason we are suggesting making
authtype
OPTIONAL to avoid having customers build business logic around it. If we have to return anauthtype
in a situation where we don't know for certain, I would prefer to add the enum valueunknown
. We think is better to avoid this altogether until we can consistently and predictably classify "authtype" to avoid future "breaking change' scenario.