Problem/Motivation
Currently, the module depends on the lusitanian/oauth PHP library and the latest release of that library was in 2018. Have you considered to use a more frequently maintained and more popular library like league/oauth2-client?
Proposed resolution
This will take the form of 2 separate releases.
Next release for 5.1.x will include deprecation warnings for as much of the OAuth related code as possible.
That's MR 118, ready for review now.
Release for 5.2.0 6.0.0 will execute the deprecations and purge all references to lusitanian/oauth.
Remaining tasks
MR 118, which adds deprecations for all oauth related code, and replaces as much as possible without breaking changes.
Review MR 118
Change record for 5.1.x release, and update deprecation notices to link to it
Merge 118 and tag a new 5.1.3-beta1 release
New 6.0.x MR, with breaking changes, purging OAuth.
Review MR 126
Change record for 6.0.x release.
Merge 126 and tag new 6.0.0-alpha1 release
User interface changes
No
API changes
Yes
Data model changes
No
Comments
Comment #2
aaronbaumanI appreciate the suggestion, but interactive OAuth has not been supported or recommended for some time.
The salesforce_oauth module needs to be deprecated and removed - should have been done for 5.1 / D11 release but i did not get around to it.
Comment #3
balazswmann commented@aaronbauman This is not just about the
salesforce_oauthmodule. I know that it's kind of deprecated. The lusitanian/oauth library is used in a bunch of other places including the coresalesforcemodule and sub-modules (e.g.salesforce_jwt) as well. I'd change back the ticket details.Comment #4
aaronbaumanAh, yes of course, you're right.
Reviewing it now, and I see the things we're using from lusitanian/oauth are relatively primitive.
And besides maybe TokenInterface, i don't see much that we'd be using from league/oauth2-client
I'm not really sure we need a 3rd party library at all.
Some of the classes - URI, HTTP Client - have Drupal or Symfony analogs we can switch to.
Some - TokenInterface, ServiceInterface, Exceptions - are pretty trivial to re-implement.
Originally, i the motivation for using lusitanian/oauth was the tools it provided for interactive oauth.
At the time, it made sense to build on top of as much of that code as possible, and I have never really revisited that decision.
But with an eye toward dropping support for interactive oauth, I think it probably makes sense to just incorporate what's left into salesforce module, and drop the 3rd party library altogether.
Comment #5
balazswmann commentedYes, if it's possible I also think the best would be to drop the dependency completely.
Comment #6
jaydarnellFWIW, the lusitanian/oauth library is now throwing deprecation warnings if you upgrade to PHP 8.4 which seems like another reason to decouple as soon as possible.
Comment #7
johnny5th commentedI made a really gross lusitanian/oauth patch to make the deprecation warnings go away till the dependency gets dropped.
Comment #9
aaronbaumanThis will take the form of 2 separate releases.
Next release for 5.1.x will include deprecation warnings for as much of the OAuth related code as possible.
That's MR 118, ready for review now.
Release for 5.2.0 will execute the deprecations and purge all references to lusitanian/oauth.
IS updated with these details
Comment #10
aaronbaumanOpened MR 120 (against the branch of MR 118) to be be included in 5.2.0
Comment #11
aaronbaumanCR created: https://www.drupal.org/node/3575311
Comment #15
aaronbaumanOK, this is all merged and tagged into 5.1.3-beta1 and 6.0.0-alpha1
Thanks for everyone's work on this.