# Legacy Authority Authentication Endpoints — Deprecation Guidance **Announced:** 1 November 2025 **Sunset (removal no earlier than):** 1 May 2026 ## Summary StellaOps Authority previously exposed OAuth 2.1 endpoints at `/oauth/token`, `/oauth/revoke`, and `/oauth/introspect` to ease migration from early previews. Those aliases are now **deprecated** in favour of the canonical paths (`/token`, `/revoke`, `/introspect`). All responses from the legacy routes include: - `Deprecation` — RFC 7231 HTTP-date set to 1 November 2025. - `Sunset` — HTTP-date advertising the planned removal on 1 May 2026. - `Warning` — RFC 7234 `299` warning describing the migration requirement. - `Link` — `rel="sunset"` URI pointing back to this guidance. No new features (DPoP nonces, audit upgrades, policy scopes) will ship on the legacy routes. After 1 May 2026 the aliases will return `410 Gone` and be removed in the next major release. ## Required Actions - **Service identities / CI pipelines** – Update token, revocation, and introspection calls to target the canonical `/token`, `/revoke`, and `/introspect` endpoints. Regenerate OpenAPI clients if they relied on the deprecated paths. - **Gateway / proxy rules** – Remove explicit rewrites that target `/oauth/*` so traffic flows directly to the canonical paths. - **Custom SDKs** – Regenerate against the refreshed Authority OpenAPI spec (`/.well-known/openapi`) which marks legacy operations as `deprecated: true`. - **Monitoring** – Alert on the `authority.api.legacy_endpoint` audit event or the `299` Warning header to verify migrations are complete. ## Timeline & Support | Date | Milestone | |------|-----------| | 1 Nov 2025 | Deprecation headers emitted, documentation published | | Jan–Apr 2026 | Observability dashboards highlight remaining usage; support assists with migrations | | 1 May 2026 | Legacy routes return HTTP 410 and will be removed in the next major release | Questions? Contact the **Authority Core** guild or open a ticket with the **API Governance Guild** referencing AUTH-OAS-63-001.