git.stella-ops.org/docs/api/authority-legacy-auth-endpoints.md
master f98cea3bcf Add Authority Advisory AI and API Lifecycle Configuration
- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings.
- Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations.
- Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration.
- Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options.
- Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations.
- Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client.
- Updated project file to include necessary package references for the new Issuer Directory Client library.
2025-11-02 13:50:25 +02:00

# Legacy Authority Authentication Endpoints — Deprecation Guidance

**Announced:** 1 November 2025

**Sunset (removal no earlier than):** 1 May 2026

## Summary

StellaOps Authority previously exposed OAuth 2.1 endpoints at `/oauth/token`, `/oauth/revoke`, and `/oauth/introspect` to ease migration from early previews. Those aliases are now **deprecated** in favour of the canonical paths (`/token`, `/revoke`, `/introspect`). All responses from the legacy routes include:
- `Deprecation` — RFC 7231 HTTP-date set to 1 November 2025.
- `Sunset` — HTTP-date advertising the planned removal on 1 May 2026.
- `Warning` — RFC 7234 `299` warning describing the migration requirement.
- `Link` — `rel="sunset"` URI pointing back to this guidance.

No new features (DPoP nonces, audit upgrades, policy scopes) will ship on the legacy routes. After 1 May 2026 the aliases will return `410 Gone` and be removed in the next major release.

## Required Actions
- **Service identities / CI pipelines:** Update token, revocation, and introspection calls to target the canonical `/token`, `/revoke`, and `/introspect` endpoints. Regenerate OpenAPI clients if they relied on the deprecated paths.
- **Gateway / proxy rules:** Remove explicit rewrites that target `/oauth/*` so traffic flows directly to the canonical paths.
- **Custom SDKs:** Regenerate against the refreshed Authority OpenAPI spec (`/.well-known/openapi`), which marks legacy operations as `deprecated: true`.
- **Monitoring:** Alert on the `authority.api.legacy_endpoint` audit event or the `299` Warning header to verify migrations are complete.
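
A client-side version of the monitoring check, as an added example that is not part of the Authority code base: it inspects one response for the headers listed in the Summary and reports the canonical replacement path and the days left before sunset. The function name, the finding fields, and the sample header values (warn-text and guidance URL in particular) are assumptions constructed for illustration; only the paths and header names come from this page.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Legacy alias -> canonical path, as listed in this guidance.
LEGACY_TO_CANONICAL = {
    "/oauth/token": "/token",
    "/oauth/revoke": "/revoke",
    "/oauth/introspect": "/introspect",
}

# Constructed sample response headers; the warn-text and URL are placeholders.
SAMPLE_HEADERS = {
    "Deprecation": "Sat, 01 Nov 2025 00:00:00 GMT",
    "Sunset": "Fri, 01 May 2026 00:00:00 GMT",
    "Warning": '299 - "Legacy endpoint, migrate to /token"',
    "Link": '<https://authority.example.test/docs/legacy-auth>; rel="sunset"',
}

def check_legacy_response(path, headers, now=None):
    """Return a finding dict when a response shows legacy-route usage, else None."""
    now = now or datetime.now(timezone.utc)
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    # A warning-value starts with its 3-digit warn-code; look for 299.
    has_299 = re.search(r"(?:^|,)\s*299\s", h.get("warning", "")) is not None
    canonical = LEGACY_TO_CANONICAL.get(path.split("?", 1)[0].rstrip("/"))
    # A 299 on a non-legacy path suggests a proxy rewrite onto /oauth/* upstream.
    if canonical is None and not has_299:
        return None
    sunset = None
    try:
        sunset = parsedate_to_datetime(h["sunset"])
        if sunset.tzinfo is None:  # "-0000" parses as naive; treat it as UTC
            sunset = sunset.replace(tzinfo=timezone.utc)
    except (KeyError, TypeError, ValueError):
        sunset = None  # missing or malformed date: still report the finding
    link = re.search(r'<([^>]+)>\s*;[^,]*\brel="?sunset"?', h.get("link", ""))
    return {
        "legacy_path": path,
        "canonical_path": canonical,
        "warning_299": has_299,
        "days_to_sunset": (sunset - now).days if sunset else None,
        "guidance_url": link.group(1) if link else None,
    }

if __name__ == "__main__":
    print(check_legacy_response("/oauth/token", SAMPLE_HEADERS))
```

A finding with `canonical_path` of `None` but `warning_299` set means the caller used a non-legacy path yet still reached a legacy route, which points at a gateway rewrite that has not been removed.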
## Timeline & Support

| Date | Milestone |
|------|-----------|
| 1 Nov 2025 | Deprecation headers emitted, documentation published |
| Jan–Apr 2026 | Observability dashboards highlight remaining usage; support assists with migrations |
| 1 May 2026 | Legacy routes return HTTP 410 and will be removed in the next major release |

Questions? Contact the **Authority Core** guild or open a ticket with the **API Governance Guild** referencing AUTH-OAS-63-001.