diff --git a/docs/releases/vNext/upgrade-vNext.md b/docs/releases/vNext/upgrade-vNext.md index 8d3227f3..7d8c292b 100644 --- a/docs/releases/vNext/upgrade-vNext.md +++ b/docs/releases/vNext/upgrade-vNext.md @@ -103,6 +103,16 @@ oaipmh_service = current_rdm_records.oaipmh_server_service oaipmh_service.rebuild_index(identity=system_identity) ``` +#### OAuth client changes + +The `extra_data` column of the `oauthclient_remoteaccount` table, storing remote-specific user information as required by various integrations, has been migrated from the `JSON` type to the `JSONB` type (only on PostgreSQL databases). +This gives significant performance improvements when running certain queries. +An automated Alembic migration is included and will be executed when you run the [database migration](#database-migration) step below. + +However, if your `oauthclient_remoteaccount` table has more than ~50k rows, this operation could overload your database and create a lock lasting several minutes, due to the need to individually transform every row. +To avoid issues in such cases, we recommend instead running the migration manually. +Please follow [the upgrade guide](https://invenio-oauthclient.readthedocs.io/en/latest/upgrading.html#v6-0-0). + #### Upgrade option 1: In-place This approach upgrades the dependencies in place. At the end of the process, diff --git a/docs/releases/vNext/version-vNext.md b/docs/releases/vNext/version-vNext.md index 811c4c47..06e8b75d 100644 --- a/docs/releases/vNext/version-vNext.md +++ b/docs/releases/vNext/version-vNext.md @@ -29,6 +29,14 @@ This feature is also [highly customisable](../../operate/customize/record_deleti https://github.com/inveniosoftware/invenio-previewer/pull/224 +### OAuth improvements + +We've added a few small but crucial improvements to the [invenio-oauthclient](https://github.com/inveniosoftware/invenio-oauthclient) module, improving security and bringing Invenio's third-party authentication in line with modern standards. + +- **Refresh tokens** are now supported, meaning we now have full compatibility with all OAuth 2.0 authorization servers. This means we can securely store long-lived tokens and exchange them for short-lived access tokens as and when needed, allowing us to integrate with modern third-party apps ([invenio-oauthclient#328](https://github.com/inveniosoftware/invenio-oauthclient/pull/328)). + +- The `extra_data` column of the `oauthclient_remoteaccount` table is now stored in the more efficient `JSONB` type when using PostgreSQL, improving the performance and flexibility of queries ([invenio-oauthclient#360](https://github.com/inveniosoftware/invenio-oauthclient/pull/360)). + ### Miscellaneous additions Here is a quick summary of the myriad of other improvements in this release: @@ -46,6 +54,8 @@ Here is a quick summary of the myriad of other improvements in this release: - Overridables in the deposit form have been modified to improve consistency in structure and naming conventions. This has involved renaming the IDs of several ``s, but none have been removed. If you are using these IDs to override components, please see [the full list of updates](https://github.com/inveniosoftware/invenio-rdm-records/pull/2101/files#diff-ff3c479edefad986d2fe6fe7ead575a46b086e3bbcf0ccc86d85efc4a4c63c79) and change your IDs accordingly. +- The changes to [invenio-oauthclient](https://github.com/inveniosoftware/invenio-oauthclient) include automated database migrations that will run smoothly for most instances. However, if your `oauthclient_remoteaccount` table has more than ~50k rows, please instead [follow the manual steps](./upgrade-vNext.md#oauth-client-changes). + ## Requirements InvenioRDM vNext supports: