task: deprecate WILDCARD and STRICT options #26833
Conversation
|
@shawkins Thanks for the PR. I remember discussing the rationale for this change somewhere but I can't find it now. Can you please remind me the motivation for it? |
Both of the implementing classes have been deprecated in the apache http client. |
docs/documentation/upgrading/topics/keycloak/changes-24_0_0.adoc
Outdated
Show resolved
Hide resolved
quarkus/config-api/src/main/java/org/keycloak/config/TruststoreOptions.java
Outdated
Show resolved
Hide resolved
vmuzikar
left a comment
There was a problem hiding this comment.
@keycloak/core Could you please review as well? It touches core areas.
d76f268 to
21dcd39
Compare
vmuzikar
left a comment
There was a problem hiding this comment.
Thanks, LGTM.
Now we need a review from @keycloak/core.
stianst
left a comment
There was a problem hiding this comment.
24 is now release, so release notes need to be updated to 25
|
@stianst moved the migration note |
abstractj
left a comment
There was a problem hiding this comment.
@shawkins, whenever you find some time, could you please resolve those conflicts? The changes look good to me, despite the presence of Git conflicts.
Following that, I suggest reaching out to the @keycloak/core-clients and @keycloak/core-iam teams for a review.
@pedroigor @mposolda I understand that your teams have a lot, but can you delegate to someone from your team the review of this PR? The changes proposed here are straightforward to review.
closes: keycloak#24893 Signed-off-by: Steve Hawkins <[email protected]>
Thank you for reviewing. It's been updated to resolve the conflicts. Some of these prs are getting a little stale, so unfortunately conflicts creep in eventually - I'll make anything that is getting reviewed is up-to-date.
Ok I'll try again on the core chat. |
|
The comment from @stianst around release notes is now resolved, dismissing the blocking change request. Going to merge now not to let it stale again. We can address any additional changes as a follow-up if needed. |
closes: #24893
Upstream it seems like they thought the browser compat / wildcard verifier was a mistake, so the Default matches more closely to the strict mode.
Another small issue with this is the spi docs were wrong (or the other logic was) - it was reporting values in lower case, but upper was expected. That was also corrected here.
I can't say for sure if users would be relying upon the specific behavior of either strict or wildcard, so it seems best to start with deprecation. However just having the annoation values as deprecated doesn't give any indication in help that values should not be used - so there's another possible help enhancement and/or an additional log message that should be emitted when the initi logic runs.