From 87bb56ab209d1dfd8e944089622c9325fc4729b4 Mon Sep 17 00:00:00 2001
From: Jeffy Mathew <jeffy.mathew100@gmail.com>
Date: Thu, 31 Oct 2024 10:53:52 +0100
Subject: [PATCH] add deprecation notice for oidc middleware

---
 apidef/api_definitions.go                | 3 +++
 apidef/oas/authentication.go             | 3 +++
 apidef/oas/schema/x-tyk-api-gateway.json | 1 +
 gateway/mw_openid.go                     | 4 ++++
 4 files changed, 11 insertions(+)

diff --git a/apidef/api_definitions.go b/apidef/api_definitions.go
index b34c4b264f8..bf7764d97ee 100644
--- a/apidef/api_definitions.go
+++ b/apidef/api_definitions.go
@@ -633,6 +633,9 @@ type OIDProviderConfig struct {
 	ClientIDs map[string]string `bson:"client_ids" json:"client_ids"`
 }
 
+// OpenID Connect middleware support will be deprecated starting from 5.7.0.
+// To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead,
+// as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/openid-connect/.
 type OpenIDOptions struct {
 	Providers         []OIDProviderConfig `bson:"providers" json:"providers"`
 	SegregateByClient bool                `bson:"segregate_by_client" json:"segregate_by_client"`
diff --git a/apidef/oas/authentication.go b/apidef/oas/authentication.go
index ae2a22a151f..43740c552de 100644
--- a/apidef/oas/authentication.go
+++ b/apidef/oas/authentication.go
@@ -495,6 +495,9 @@ func (h *HMAC) ExtractTo(api *apidef.APIDefinition) {
 }
 
 // OIDC contains configuration for the OIDC authentication mode.
+// OIDC support will be deprecated starting from 5.7.0.
+// To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead,
+// as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/openid-connect/.
 type OIDC struct {
 	// Enabled activates the OIDC authentication mode.
 	//
diff --git a/apidef/oas/schema/x-tyk-api-gateway.json b/apidef/oas/schema/x-tyk-api-gateway.json
index c71b6c54e32..2e3801e9b7a 100644
--- a/apidef/oas/schema/x-tyk-api-gateway.json
+++ b/apidef/oas/schema/x-tyk-api-gateway.json
@@ -1090,6 +1090,7 @@
     },
     "X-Tyk-OIDC": {
       "type": "object",
+      "description": "Support for external OAuth Middleware will be deprecated starting from 5.7.0. To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead, as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/openid-connect/",
       "properties": {
         "enabled": {
           "type": "boolean"
diff --git a/gateway/mw_openid.go b/gateway/mw_openid.go
index 40c08949297..de936f92d67 100644
--- a/gateway/mw_openid.go
+++ b/gateway/mw_openid.go
@@ -31,6 +31,10 @@ func (k *OpenIDMW) Name() string {
 }
 
 func (k *OpenIDMW) EnabledForSpec() bool {
+	if k.Spec.UseOpenID {
+		log.Warn("Support for OpenID Connect Middleware will be deprecated starting from 5.7.0. To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead, as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/openid-connect/")
+	}
+
 	return k.Spec.UseOpenID
 }