Add Authority Advisory AI and API Lifecycle Configuration

- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings.
- Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations.
- Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration.
- Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options.
- Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations.
- Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client.
- Updated project file to include necessary package references for the new Issuer Directory Client library.
This commit is contained in: master
2025-11-02 13:40:38 +02:00
parent 66cb6c4b8a
commit f98cea3bcf
516 changed files with 68157 additions and 24754 deletions

@@ -0,0 +1,32 @@
# Legacy Authority Authentication Endpoints — Deprecation Guidance
**Announced:** 1 November 2025
**Sunset (removal no earlier than):** 1 May 2026
## Summary
StellaOps Authority previously exposed OAuth 2.1 endpoints at `/oauth/token`, `/oauth/revoke`, and `/oauth/introspect` to ease migration from early previews. Those aliases are now **deprecated** in favour of the canonical paths (`/token`, `/revoke`, `/introspect`). All responses from the legacy routes include:
- `Deprecation` — RFC7231 HTTP-date set to 1 November 2025.
- `Sunset` — HTTP-date advertising the planned removal on 1 May 2026.
- `Warning` — RFC7234 `299` warning describing the migration requirement.
- `Link``rel="sunset"` URI pointing back to this guidance.
No new features (DPoP nonces, audit upgrades, policy scopes) will ship on the legacy routes. After 1 May 2026 the aliases will return `410 Gone` and be removed in the next major release.
## Required Actions
- **Service identities / CI pipelines** Update token, revocation, and introspection calls to target the canonical `/token`, `/revoke`, and `/introspect` endpoints. Regenerate OpenAPI clients if they relied on the deprecated paths.
- **Gateway / proxy rules** Remove explicit rewrites that target `/oauth/*` so traffic flows directly to the canonical paths.
- **Custom SDKs** Regenerate against the refreshed Authority OpenAPI spec (`/.well-known/openapi`) which marks legacy operations as `deprecated: true`.
- **Monitoring** Alert on the `authority.api.legacy_endpoint` audit event or the `299` Warning header to verify migrations are complete.
## Timeline & Support
| Date | Milestone |
|------|-----------|
| 1 Nov 2025 | Deprecation headers emitted, documentation published |
| JanApr 2026 | Observability dashboards highlight remaining usage; support assists with migrations |
| 1 May 2026 | Legacy routes return HTTP 410 and will be removed in the next major release |
Questions? Contact the **Authority Core** guild or open a ticket with the **API Governance Guild** referencing AUTH-OAS-63-001.
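Review bot: The cutoff is stated three different ways in this new file: the header line says "Sunset (removal no earlier than): 1 May 2026", the Summary says the aliases return `410 Gone` "After 1 May 2026", and the Timeline row has the legacy routes returning HTTP 410 on 1 May 2026 itself. Please pick one wording, say whether the date is inclusive, and make it match what the `Sunset` header advertises, so integrators know exactly when `/oauth/token`, `/oauth/revoke` and `/oauth/introspect` stop answering. In Required Actions, the Monitoring item offers the `299` Warning header as an alerting signal, but that header is only observable by the caller or an intermediary proxy; consider stating where it should be captured, or leading with the server-side `authority.api.legacy_endpoint` audit event as the signal that proves migration is complete.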