This repository has been archived by the owner on Dec 22, 2023. It is now read-only.

authgear #1477

Open
23 of 40 tasks
louischan-oursky opened this issue Jun 3, 2020 · 7 comments

Comments

@louischan-oursky
Contributor

louischan-oursky commented Jun 3, 2020

  • Gateway
    • Remove gateway code
  • Asset Gear
    • Remove asset gear
  • Auth Gear
    • API changes
      • Rename /_auth/session/resolve to something else
      • Remove skygear_user in ID token claims
      • Add the new claim in full URL form to indicate is_anonymous
      • Add the new claim in full URL form to indicate metadata
      • Remove session in hook context
      • Remove the feature disable user
      • Remove the feature verification
      • Remove master key
    • Internal changes
      • Remove asset gear loader in template engine
      • Remove the dependency on libvips
      • Fix last login at
      • Remove master key from tenant config
      • Remove irrelevant files from the repository
      • Migrate CI/CD to GitHub Actions
      • Bundle built JavaScript and CSS files into the docker image
    • Database schema
      • Consolidate migrations
      • Rename _core_user to _auth_user
      • Merge _auth_user_profile into _auth_user
      • Consider switching to a migration tool that keeps the full history of executed migrations, not just the latest version.
    • Relocation
      • Move it to authgear/authgear
    • Documentation
      • Move skygeario/features to /features
      • Move skygeario/guides to authgear/docs
      • Rewrite authgear/docs to be more relevant
    • SDK
      • Rename the packages
      • Move it to authgear/authgear-sdk-js
      • Delete generation of IIFE bundle
      • Delete examples
      • Delete observer
      • Delete asset gear container
      • Delete node client
      • Delete the existing docs site
      • Use api-extractor to generate rollup .d.ts
      • Use typedoc to take rollup .d.ts to generate documentation site
      • Investigate how to do documentation versioning with typedoc
      • Revamp the current API
      • Emit onAccessTokenExpired (single handler)
      • Emit onRefreshTokenExpired (single handler)
      • Register default onAccessTokenExpired handler to refresh access token
    • Future work
      • Support k8s CRD config backend
      • Introduce authgear/helm-chart
      • Write an example app and use authgear/helm-chart to deploy
      • Secret Management (Needs design)
      • Multi-tenant by hostname
      • Move database connection URI to envvar?
      • Integrate OpenTelemetry
@kiootic
Contributor

kiootic commented Jun 3, 2020

  • Do we want to clean up the core packages and remove irrelevant stuff/merge into auth package/new repo?
  • Do we want to do OAuth 2.1 #1433 as part of refactor? (i.e. use library instead of hand-rolled OAuth implementation)
  • We may also want to clean up the configuration.
  • I suppose we can drop access key entirely now.

@louischan-oursky
Contributor Author

> Do we want to clean up the core packages and remove irrelevant stuff/merge into auth package/new repo?

Sure!

> Do we want to do #1433 as part of refactor? (i.e. use library instead of hand-rolled OAuth implementation)

As long as we have time. So this is not our first priority.

> We may also want to clean up the configuration.

For example?

> I suppose we can drop access key entirely now.

We still have the concept of client ID

@kiootic
Contributor

kiootic commented Jun 3, 2020

> We may also want to clean up the configuration.

  • double api_version in app_config?
  • app_id should not be needed.
  • flatten app_config?
  • template configuration needs rework?
  • do we refactor the secrets out of config now?
  • no need OAuth scopes?

> We still have the concept of client ID

Yes we do have it, but we can stop accepting it through the access key header, thus removing the concept of access key entirely.

@louischan-oursky
Contributor Author

> double api_version in app_config?

Can remove them entirely.

> app_id should not be needed.

Should be OK.

> flatten app_config?
> template configuration needs rework?

I am fine with it.

> do we refactor the secrets out of config now?

Good idea. But we may not have time to do secret management in this sprint. What temporary solution do we have? Load another file?

@chpapa
Contributor

chpapa commented Jun 3, 2020

Maybe just start a new one instead of moving skygeario/guides to authgear/docs?

@kiootic
Contributor

kiootic commented Jun 3, 2020

  • web UI remove webappstep & state, expose interaction.StepState directly
  • merge web UI state with interaction flow state
  • move web UI request decoding/redirection to handlers
    • so add route is copy/paste a single file and change relevant places.
  • use static singleton validator per handler
    • directly use global variable in handler.
  • remove msgpack
  • delete app_id, use constant in single tenant mode, use tenant key in multi-tenant mode
  • move translation to a file in handlers/webapp
    • share by all handlers
  • refactor render provider: a set of helper functions
  • all forms should use novalidate, don't use HTML5 validation
  • request validation is moved to interaction flow, use JSON schema, inject context (details) into error in flows.

@kiootic
Contributor

kiootic commented Jun 11, 2020

  • webapp static asset self-host (no CDN provided)
  • static asset pack into output binary (packr?)
  • development workflow: use parcel to watch & compile assets?

louischan-oursky added a commit that referenced this issue Jun 15, 2020