Skip to content

Deprecate OpenID 2.0 Support #7153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rwinch opened this issue Jul 26, 2019 · 13 comments · Fixed by #8450
Closed

Deprecate OpenID 2.0 Support #7153

rwinch opened this issue Jul 26, 2019 · 13 comments · Fixed by #8450
Labels
in: web An issue in web modules (web, webmvc) status: duplicate A duplicate of another issue type: task A general task

Comments

@rwinch
Copy link
Member

rwinch commented Jul 26, 2019
edited
Loading

Summary

The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect. The openid4java library that is used by Spring Security has not seen an update since 2015 (4 years). We need to deprecate the OpenID support.

We should add the following deprecation notice:

The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect.

To the following locations:

  • Any files in the spring-security-openid module
  • The openid portion of the reference
  • The openid sample application
  • The openid related code in spring-security-config for bot Java Configuration and XML configuration

NOTE: We are NOT deprecating OpenID Connect support. Only the support for OpenID 2.0 protocol will be deprecated (the protocol itself was deprecated).
@rwinch rwinch assigned rwinch and unassigned rwinch Jul 26, 2019
@rwinch rwinch added in: web An issue in web modules (web, webmvc) status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: task A general task labels Jul 26, 2019
@rwinch rwinch changed the title Deprecate OpenID 1.0 2.0 Support Deprecate OpenID 2.0 Support Jul 26, 2019
@rwinch rwinch mentioned this issue Jul 26, 2019
Closed
@eddumelendez
Copy link
Contributor

Hi @rwinch, do you think this is good for first-timers-only?

@rwinch
Copy link
Member Author

rwinch commented Aug 5, 2019

Hey @eddumelendez Thanks for the question. I think this is a lot of files to touch for a first timers issue.

@ThomasVitale
Copy link
Contributor

Hi @rwinch, I would be available to take this issue.

@rwinch
Copy link
Member Author

rwinch commented Sep 19, 2019

Thanks @ThomasVitale! The issue is yours if you still want it

@ThomasVitale
Copy link
Contributor

I will start working on it then, thanks @rwinch

@farooqkhan003
Copy link
Contributor

@ThomasVitale by any chance if you didn't get time to work on this, can I take this issue?

@ThomasVitale
Copy link
Contributor

Hi @farooqkhan003, I have started with it and then didn't have time to complete it. So far I have added the deprecation notice to all files in the openid module. Would you like to take over and complete the remaining parts of the task? If so, @rwinch can we split the delivery in 2 parts or should it be a single one? In any case, I have created a PR with the changes I have done so far.

@ThomasVitale ThomasVitale mentioned this issue Oct 22, 2019
Closed
@dadikovi
Copy link
Contributor

@farooqkhan003 Are you still working on this issue? If not, @rwinch can I take it?

@farooqkhan003
Copy link
Contributor

@dadikovi unfortunately I didn't get chance to work on this issue.

@rwinch
Copy link
Member Author

rwinch commented Apr 27, 2020

@dadikovi Please take it. The issue is yours

@dadikovi dadikovi mentioned this issue May 1, 2020
Merged
@dadikovi
Copy link
Contributor

dadikovi commented May 1, 2020

@rwinch Thanks. I sent in a draft PR. I'm not sure if in case of XML configuration should I write the deprecation notice more formally (eg. in a dedicated tag), or is this okay that I put it in the documentation tag.

Please note that this PR will introduce the deprication notice only in docs, sample applications and configurations. Earlier PR (#7554) contained the notice for all files in related packages. Should I merge these two together, or is it okay this way?

@rwinch
Copy link
Member Author

rwinch commented May 1, 2020

Thanks @dadikovi This I responded on gh-8450

dadikovi added a commit to dadikovi/spring-security that referenced this issue May 2, 2020
@dadikovi
Deprecate openID 2.0 support
339d44b 
This commit puts deprecation notice on docs, sample applications and configurations (java and xml)

Fixes spring-projectsgh-7153
dadikovi added a commit to dadikovi/spring-security that referenced this issue May 2, 2020
@dadikovi
Deprecate openID 2.0 support
2d9a6ac 
This commit adds link to spring code on the top of ThomasVitale's changes.

Fixes spring-projectsgh-7153
dadikovi added a commit to dadikovi/spring-security that referenced this issue May 9, 2020
@dadikovi
Deprecate openID 2.0 support
f2a2b46 
This commit adds deprecation notice to xml schema, parser of the schema and removes fixme comments.

Fixes spring-projectsgh-7153
@rwinch rwinch added status: duplicate A duplicate of another issue and removed status: ideal-for-contribution An issue that we actively are looking for someone to help us with labels May 12, 2020
@rwinch
Copy link
Member Author

rwinch commented May 12, 2020

Closing in favor of gh-8450

@rwinch rwinch closed this as completed May 12, 2020
@rwinch rwinch mentioned this issue May 24, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in: web An issue in web modules (web, webmvc) status: duplicate A duplicate of another issue type: task A general task
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Deprecate OpenID 2.0 support dadikovi/spring-security
Deprecate OpenID 2.0 Support
6 participants
@rwinch @eddumelendez @dadikovi @ThomasVitale @farooqkhan003 @spring-contributor