Hi, I just noticed the deprecation notice of the ember-simple-auth-auth0 package
It is still active and I use it myself in actively maintained apps
It seems much of the inactivity in the code contributions was due to an issue with transferring the contributor privileges for github and npm to the maintainer?
Some major updates are coming up with Emberjs this year and I would like to keep using and contribute to this package. In my experience people choose ember as a framework was because changes happen slowly, so I donât think 8 months since the latest merged PR should be a reason to deprecate it. I hope the ownership issues can be sorted out and that it can remain owned by auth0 community
Iâm really bummed to hear that auth0-socketio-jwt is being deprecated - it forms the core of authentication in my shipped service, and in fact was the reason I selected Auth0 as my authentication provider in the first place.
Can you consider keeping the repo alive but turning it over to the community for maintenance instead, rather than actively deleting it? The repo already was listed as community maintained - what is Auth0 gaining by taking it away?
For transparency reasons, let me explain that here as we want to be fully open about what we do and why we do it.
Itâs not only socketio-jwt repo that we have decided to deprecate to start with. The core reason is that all the repos that are / were under auth0-community GitHub organisation were âmaintained by communityâ for a really long time (a few years now). Truth to be told we didnât have enough bandwidth internally to keep maintaining those repos ourselves thatâs why itâs been moved under community a few years ago.
During that time, even though Auth0 wasnât actively maintaining those repos, we did a few attempts looking for potential maintainers on community but eventually didnât get that much traction. In the meantime we received a relatively big amount of questions / feature requests regarding those repos and as I said we donât have bandwidth to maintain that.
Collecting all the usage data from those repos we decided to eventually deprecate them. You can ask why not kind of outsource them to community eventually? The reason is trivial and super simple. Compliance, legal, brand awareness. What would happen if some code changes were made to Auth0 branded repos that would eventually expose some security risks or vulnerabilities.
Terribly sorry for all the inconvenience and thank you a lot for your understanding. Weâre still open to help if we can regarding the stack choice and developer support we offer. Thank you!