add deprecation notice for oidc middleware

TykTechnologies · Oct 31, 2024 · 87bb56a · 87bb56a
1 parent 3114d14
commit 87bb56a
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 0 deletions.
diff --git a/apidef/api_definitions.go b/apidef/api_definitions.go
@@ -633,6 +633,9 @@ type OIDProviderConfig struct {
 	ClientIDs map[string]string `bson:"client_ids" json:"client_ids"`
 }
 
+// OpenID Connect middleware support will be deprecated starting from 5.7.0.
+// To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead,
+// as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/openid-connect/.
 type OpenIDOptions struct {
 	Providers         []OIDProviderConfig `bson:"providers" json:"providers"`
 	SegregateByClient bool                `bson:"segregate_by_client" json:"segregate_by_client"`

diff --git a/apidef/oas/authentication.go b/apidef/oas/authentication.go
@@ -495,6 +495,9 @@ func (h *HMAC) ExtractTo(api *apidef.APIDefinition) {
 }
 
 // OIDC contains configuration for the OIDC authentication mode.
+// OIDC support will be deprecated starting from 5.7.0.
+// To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead,
+// as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/openid-connect/.
 type OIDC struct {
 	// Enabled activates the OIDC authentication mode.
 	//

diff --git a/apidef/oas/schema/x-tyk-api-gateway.json b/apidef/oas/schema/x-tyk-api-gateway.json
@@ -1090,6 +1090,7 @@
     },
     "X-Tyk-OIDC": {
       "type": "object",
+      "description": "Support for external OAuth Middleware will be deprecated starting from 5.7.0. To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead, as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/openid-connect/",
       "properties": {
         "enabled": {
           "type": "boolean"

diff --git a/gateway/mw_openid.go b/gateway/mw_openid.go
@@ -31,6 +31,10 @@ func (k *OpenIDMW) Name() string {
 }
 
 func (k *OpenIDMW) EnabledForSpec() bool {
+	if k.Spec.UseOpenID {
+		log.Warn("Support for OpenID Connect Middleware will be deprecated starting from 5.7.0. To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead, as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/openid-connect/")
+	}
+
 	return k.Spec.UseOpenID
 }