Context
RFC merged in #876 (docs/rfc/user-auth-myopencre.md) proposes new auth routes at /auth/login, /auth/callback, /auth/logout. Existing Google OAuth already lives at:
GET /rest/v1/login
GET /rest/v1/callback
GET /rest/v1/logout
GET /rest/v1/user
Per maintainer review of #876, consolidate under the versioned API namespace:
Target routes:
GET /rest/v1/auth/login
GET /rest/v1/auth/callback
GET /rest/v1/auth/logout
GET /rest/v1/auth/user (or keep /rest/v1/user — decide during implementation)
Requirements
Related
Acceptance criteria
- New routes work end-to-end with Google OAuth
- Old routes redirect or alias without breaking existing bookmarks
- Tests cover both old aliases and new canonical paths during migration window
Context
RFC merged in #876 (
docs/rfc/user-auth-myopencre.md) proposes new auth routes at/auth/login,/auth/callback,/auth/logout. Existing Google OAuth already lives at:GET /rest/v1/loginGET /rest/v1/callbackGET /rest/v1/logoutGET /rest/v1/userPer maintainer review of #876, consolidate under the versioned API namespace:
Target routes:
GET /rest/v1/auth/loginGET /rest/v1/auth/callbackGET /rest/v1/auth/logoutGET /rest/v1/auth/user(or keep/rest/v1/user— decide during implementation)Requirements
/rest/v1/auth/*routes implementing the RFC TODO 1 session contract (session['user_id'], redirect on missing session)/rest/v1/login,/rest/v1/callback,/rest/v1/logoutas temporary aliases with deprecation headers or redirect to/rest/v1/auth/*useUser, Header) and any docs referencing old pathslogin_requiredto redirect to/rest/v1/auth/login?next=<url>(not 401 for browser flows)Accept: application/json→ 401 vs browser → 302)Related
docs/rfc/user-auth-myopencre.mdTODO 1Acceptance criteria