Closed chadlwilson closed 1 year ago
@chadlwilson thank you, I created the first release with 2.0 support.
Thanks! Looks like you've done a bit more than just declare compatibility to also attempt to support some of the extra (optional) features introduced since which is nice :-)
Hiya @klinux - GoCD maintainer courtesy call here as this appears quite a popular plugin for users. 👋
It seems this plugin is using the
1.0
extension API for authorizations.https://github.com/klinux/gocd-keycloak-oauth-authorization-plugin/blob/86fe6b5dbefffc9c4959ac5bdd74551be9fa3a22/src/main/java/cd/go/authorization/keycloak/Constants.java#L28
Rather than intentional, this is possibly historical because it was forked from https://github.com/szamfirov/gocd-okta-oauth-authorization-plugin which was an older plugin (edit: subsequently updated since this github issue was created).
Support for "1.0" will soon be removed in GoCD
23.2.0
as part of clean-up to support https://github.com/gocd/gocd/issues/11629 (functionality also likely of use to this plugin to increase security) Authorization extension API version2.0
was introduced in GoCD19.2.0
and was supposed to be removed many years ago, but was probably forgotten.https://plugin-api.gocd.org/current/#deprecations-across-extensions58
Although these additional messages are supported on V2, they are only used/required if you want GoCD access token-based authentication to work for users via the plugin, or if the the plugin declares capability
can_get_user_roles
e.g add on to the belowhttps://github.com/klinux/gocd-keycloak-oauth-authorization-plugin/blob/86fe6b5dbefffc9c4959ac5bdd74551be9fa3a22/src/main/java/cd/go/authorization/keycloak/models/Capabilities.java#L24-L33
Tl;DR - I believe you can likely just declare "2.0" API version compatibility and things will work just fine as the server will assume the plugin does not support user roles, and does not support GoCD access/API token usage. This will work on GoCD versions
19.2.0+
so going back 3.5 years or so.