envoy icon indicating copy to clipboard operation
envoy copied to clipboard
verified publisher icon envoyproxy

[OAuth2] Timeline for graduation of OAuth2 filter to beta/GA

Open sseetharaman6 opened this issue 3 years ago • 1 comments

Title: Timeline for graduation of OAuth2 filter to beta/GA

Description: OAuth2 filter documentation mentions that it is currently under active development. The extensions metadata specifies the status as alpha - is there a timeline or milestone by which this filter can be considered stable for production use? In other words, when is this expected to graduate to GA?

Also is there a plan to support additional grant types besides the authz code flow?
Relevant: https://github.com/envoyproxy/envoy/issues/14088

sseetharaman6 avatar Aug 11 '22 16:08 sseetharaman6

cc @derekargueta @snowp

kyessenov avatar Aug 11 '22 20:08 kyessenov

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions[bot] avatar Sep 11 '22 00:09 github-actions[bot]

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.

github-actions[bot] avatar Sep 18 '22 00:09 github-actions[bot]

any timeline for this?

naveeniyengar avatar Feb 17 '23 14:02 naveeniyengar

@derekargueta @snowp @kyessenov - Would you be able to provide the likely promotion timeline for this filter?

deva26 avatar Jun 13 '23 10:06 deva26

The criteria are listed here https://github.com/envoyproxy/envoy/blob/main/EXTENSION_POLICY.md#extension-stability-and-security-posture. The main signal for this extension is sufficient burn time in production. If an end-user can report on experience running it in production without issues, the other signals are mostly technical quality.

kyessenov avatar Jun 14 '23 00:06 kyessenov

The criteria are listed here https://github.com/envoyproxy/envoy/blob/main/EXTENSION_POLICY.md#extension-stability-and-security-posture. The main signal for this extension is sufficient burn time in production. If an end-user can report on experience running it in production without issues, the other signals are mostly technical quality.

Serious users aren't ready to try it in production when they see the flag alpha. Aren't we in the chicken and egg conundrum?

deva26 avatar Jul 07 '23 11:07 deva26

@deva26 yes it is, but the first step needs to be done by the interested end-user to provide qualification. We cannot do that alone in OSS without production access.

kyessenov avatar Jul 08 '23 20:07 kyessenov