Breaking change exception: Twitter OmniAuth deprecation for a non-functional auth strategy
Breaking Change Exception Request
Executive summary
https://docs.gitlab.com/ee/integration/twitter.html is a very low-usage authentication option for SaaS and SM users to log in to GitLab using their Twitter account. Based on recent Twitter API deprecations, the login option is no longer functional and was originally targeted for removal in 17.0. There has been only 1 user report of encountering the problem, and ~"group::authentication and authorization" is proposing to expedite the deprecation and removal sooner than 17.0 (ideally 16.3) to avoid having a non-functional login option. Lastly, the gem used for Twitter authentication last received updates in 2017.
Impact assessment
How many customers are impacted?
No known SM instances are using Twitter and the expected usage is less than 0.1 percent. For comparison, see the table below on other auth strategies and their usage.
Can we get the same outcome without a breaking-change?
The login via Twitter is currently non-functional, and without spending effort to update the API, it will not be usable. Given the low usage and original plan for deprecation in 17.0, we believe that introducing this in a minor release will provide a better user experience.
Can the breaking-change wait till the next major release, or the next scheduled upgrade stop?
The change can be held until 17.0; however, we would then either intentionally leave a non-functional component in place or spend effort to update the APIs, only to then deprecate the option.
What is the alternative for customers to do the same job the change will break?
Customers have 15+ authentication strategies they can log in with instead. They are very likely already doing that due to the state of the Twitter login.
How difficult is it for customers to migrate to the alternative? Is there a migration plan?
As login is a key functionality, any customers that would have to migrate would have raised the Twitter login issue already. Migration to another auth strategy is a small effort for this type of configuration and detailed documentation exists to adopt another auth mechanism.
Communication plan
The goal is to remove the gem and Twitter login option for 16.3 if this request can be approved in time.
Tasks
- Notify Support and Customer Success so they can share information with relevant customers.
- Obtain approval from the VP of Development, VP of Product Management, and VP of Customer Support for this area
- Obtain approval from the CPO or CTO