Skip to content

chore: drop unimplemented BFF session config (out of scope) #37

Description

@polaz

BffConfig is parsed but never implemented, and on reflection it does not belong in this crate: BFF is stateful session / token-lifecycle management (a separate product, e.g. oauth2-proxy / Pomerium), whereas this proxy is a stateless transcoding data plane with stateless auth primitives (JWT, forward-auth, ext_authz, OIDC discovery). A server-side session/token store would also break the multi-instance-stateless design.

Changes

  • Remove BffConfig, the auth.bff field, and its defaults.
  • Reword the OpenAPI cookie security-scheme description so it no longer references a BFF login flow.
  • README: drop BFF from the Roadmap; add a Non-goals note (use a dedicated BFF in front, or the forward-auth / authz hooks).

No behavior change (the field was never wired). Estimate: 1h

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions