[Auth gem] Remove Twitter OAuth login from GitLab.com
Context
- Twitter OAuth in GitLab.com appears to already be broken: Twitter 401'd my login (#409031 - closed)
- I just tried to use it on GitLab.com, got a 401
- Kibana shows 95% failure rate over last 10 days
- I think it may be broken for everyone https://twittercommunity.com/t/get-oauth-authenticate-is-broken/184114/8
- Perhaps the issue is that the gem is very outdated and Twitter supposedly recently made some unannounced breaking changes/deprecations: https://twitter.com/Mal_loc/status/1669755340995588096
- Last gem release was in 2017
- Very little usage by GitLab customers
Definition of done
Assuming we want to follow the usual deprecation process, it would be:
-
Deprecation announcement - %16.3 Deprecate and remove Twitter OAuth 1.0 (!128121 - merged) -
Ensure deprecation includes guidance for users on what to do next i.e reset password and use another auth strategy.
-
-
Remove Twitter OmniAuth from GitLab.com - 2023-08-04: Remove X/Twitter omniauth from Git... (gitlab-com/gl-infra/production#16127 - closed) -
Removal of gem and all references as a breaking change - %17.0- created separate issue for this [Breaking change] Remove Twitter OAuth login (#420978 - closed) -
Removal of all Twitter identity records via migration (- created separate issue for this #420979Identity.where(provider: 'twitter')
) in the database - %17.1
Edited by Jessie Young