diff --git a/apidef/api_definitions.go b/apidef/api_definitions.go index f7c4248268c..b3dbc1601df 100644 --- a/apidef/api_definitions.go +++ b/apidef/api_definitions.go @@ -562,6 +562,9 @@ type OIDProviderConfig struct { ClientIDs map[string]string `bson:"client_ids" json:"client_ids"` } +// OpenID Connect middleware support will be deprecated starting from 5.7.0. +// To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead, +// as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/openid-connect/. type OpenIDOptions struct { Providers []OIDProviderConfig `bson:"providers" json:"providers"` SegregateByClient bool `bson:"segregate_by_client" json:"segregate_by_client"` diff --git a/apidef/oas/authentication.go b/apidef/oas/authentication.go index 98e0558cf3e..af70158b90f 100644 --- a/apidef/oas/authentication.go +++ b/apidef/oas/authentication.go @@ -495,6 +495,9 @@ func (h *HMAC) ExtractTo(api *apidef.APIDefinition) { } // OIDC contains configuration for the OIDC authentication mode. +// OIDC support will be deprecated starting from 5.7.0. +// To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead, +// as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/openid-connect/. type OIDC struct { // Enabled activates the OIDC authentication mode. // diff --git a/apidef/oas/schema/x-tyk-api-gateway.json b/apidef/oas/schema/x-tyk-api-gateway.json index f51dbfb7fb1..2c7f5ae314c 100644 --- a/apidef/oas/schema/x-tyk-api-gateway.json +++ b/apidef/oas/schema/x-tyk-api-gateway.json @@ -1084,6 +1084,7 @@ }, "X-Tyk-OIDC": { "type": "object", + "description": "Support for external OAuth Middleware will be deprecated starting from 5.7.0. To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead, as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/openid-connect/", "properties": { "enabled": { "type": "boolean" diff --git a/gateway/mw_openid.go b/gateway/mw_openid.go index 40c08949297..de936f92d67 100644 --- a/gateway/mw_openid.go +++ b/gateway/mw_openid.go @@ -31,6 +31,10 @@ func (k *OpenIDMW) Name() string { } func (k *OpenIDMW) EnabledForSpec() bool { + if k.Spec.UseOpenID { + log.Warn("Support for OpenID Connect Middleware will be deprecated starting from 5.7.0. To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead, as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/openid-connect/") + } + return k.Spec.UseOpenID }