These repositories will no longer be available on Github after the end-of-life date, September 30, 2021. Please make plans to find a suitable replacement or remove these libraries from any active projects before the end-of-life date. Please reply to this topic or create a new topic if you have any questions or concerns.
It will be helpful for us also if you can let us know if you’re using any of our auth0-community repos so that we don’t deprecate the ones you’re using
Hey!
I completely understand that you deprecate auth0-socketio-jwt, and I would be more than happy to take the npm name, with the “fork” I created, that already satisfy some of the needs of your previous users.
Currently available there: @thream/socketio-jwt - npm
At first, I was only thinking about this name as a temporary solution, but now that you’re officially depracting this package, I guess, it’s time to have a more official package name and that would be socketio-jwt.
Here’s the solution I could think of, if you agree of course
Deprecate @thream/socketio-jwt on npm
Release the new version socketio-jwt@5.0.0 with the exact same version as current @thream/socketio-jwt@2.1.0 with updated README and changes needed about the new name of course.
Removal of the GitHub Repo for the old socketio-jwt (a.k.a auth0-socketio-jwt) as you’re planning to do it in September 2021.
Feel free to discuss, if you have any questions!
The main idea, is that I would like to become the maintainer of this package.
We are using socketio-jwt, but can’t use @thream’s version as it has stripped out some functionality that we need/use, with no plans to support it as far as I understand. I don’t think a new version that steps in to replace the official package should have reduced functionality just because the other features didn’t suit the author of the new package.
Will be happy to support @thream’s version if it achieves feature parity, but otherwise we’ll probably roll our own fork or solution instead.
Please pardon my ignorance, I’m new here and may not have a complete understanding. It sounds like Auth0 is handing off an npm name to a third-party after that name has gained the trust of thousands of developers.
What stops said third-party from injecting malicious behavior into many thousands of applications?
Auth0 is deprecating the packages. Auth0’s libraries will no longer be available on GitHub after the deprecation date. To clarify, the packages will not be handed off to a third party. Because of the nature of these open-source projects, the forks will still be active, although they won’t be maintained or specifically supported by Auth0. Hope that clarifies this!
To provide more context, there are a number of auth0-community repos which are not used a great deal based on Github data and are not being updated. We are in the process of taking these repos through the deprecation process since they are not actively maintained. If you are using any of the repos please let us know to help us in the evaluation!
What features do you need ? Feel free to open new issues on the Thream repo.
other features didn’t suit the author of the new package.
It is not the reason, we want to have an easy to use package and the old one provided by auth0 had so many ways to use it, in my opinion it’s better to only have one way to use it.
But if you need a specific feature, we’ll try our best to include it if it is possible to not add another way to use the package, as the package should be easy to use.
Yes, moving to a fork at this time would probably be the best.
It is a fork actually, I just rewrite and improve the package, as it now support TypeScript out of the box, less dependencies to install, 100% code coverage, etc.
Hi @Divlo,
It sounds like you want to rename your fork from thream/socketio-jwt to socketio-jwt. Is that correct?
The Auth0 socketio-jwt repo will be removed in September, but this should not affect your fork.
But you mentioned that you are not using this event anymore, so I guess that’s something we would like to see maintained.
It’s one of the core features of this package as far as I can see.
PS: I note perhaps there was a misunderstanding, as my original issue I incorrecly called the event authenticate instead of authenticated, but I was referring to authenticated of course as per the code examples in the issue.
Right, yes we’re not using the authenticated event.
Compared to the auth0 package, we are only using the One roundtrip way to authenticate.
Do you really need the authenticated event ?
If I understood well, you want to be able to authenticate differently for each namespaces, maybe that could be done with the One roundtrip way too.
Please open an issue on the thream/socketio-jwt repo! Thanks.
Oh, I see! Since there may be projects that are currently using the package, it’d be best if they had different names to avoid any confusion. Thanks!
I made the decision that we’ll rename our package from @thream/socketio-jwt to socket.io-jwt.
Not yet, but probably soon if the npm will be still available, hopefully yes.