search

the-control-group / authx

An authentication & authorization platform for service-oriented architectures.
MIT License
47 stars 6 forks source link

Update scopes to support non-breaking addition of features #71

Closed mike-marcacci closed 3 years ago

mike-marcacci commented 4 years ago

Prefixing the context domain with a version gives us a mechanism to transition between breaking scope changes. However, this requires migration of all client requests. Ideally, we would have a mechanism to introduce new features (and thus new scope segments) while only requiring migration from within AuthX.

Consider adding .** to the end of the "context" and "action" domains so that future additions of segments is non-breaking.

Process for introducing new scope segments:

  1. Add the new segment in the codebase, with the new feature behind a flag.
  2. Deploy the code changes, with the new feature disabled.
  3. Add the new segment to relevant matching scopes in client OAuth requests. (optional)
  4. Add the new segment to all matching scopes and scope templates in roles.
  5. Add the new segment to all matching scopes in grants.
  6. Enable the new feature.
mike-marcacci commented 4 years ago

I am less enthusiastic about this idea these days, at least for AuthX own scopes... I'll keep this open for discussion, but am leaning towards continuing with our existing conventions for v3 scopes.

mike-marcacci commented 3 years ago

I'm going to close this, as the current conventions do seem adequate at the moment. The next version will likely take the form described here.