Skip to content

chore(identity): drop unused location, browser, os SessionStatus fields#585

Merged
mattdjenkinson merged 1 commit intomainfrom
chore/drop-unused-session-enrichment-fields
Apr 28, 2026
Merged

chore(identity): drop unused location, browser, os SessionStatus fields#585
mattdjenkinson merged 1 commit intomainfrom
chore/drop-unused-session-enrichment-fields

Conversation

@mattdjenkinson
Copy link
Copy Markdown
Contributor

@mattdjenkinson mattdjenkinson commented Apr 28, 2026

Summary

  • Removes location, browser, and os from SessionStatus (added in feat: add user agent field and updatedAt to session endpoint #534).
  • Keeps ip, fingerprintID, lastUpdatedAt, and userAgent — those are the raw fields the auth provider actually populates.
  • Regenerates zz_generated.openapi.go via `task generate:openapi:identity`.
  • Hand-edits docs/api/identity.md to remove the three rows from the SessionStatus table (this file is hand-maintained because config/crd/bases/identity/ is empty).

Why

The session-enrichment topology has been re-aligned: the GraphQL gateway now fetches sessions from this API and produces its own ExtendedSession type with geolocation and parsed user-agent attached. The auth-provider-zitadel apiserver only writes raw values, so these three derived-data fields on SessionStatus are never populated. Leaving them in place would suggest the API surfaces data it doesn't actually carry.

Companion PRs

  • datum-cloud/auth-provider-zitadel#81 — corrected to expose raw IP / fingerprint / lastUpdatedAt / userAgent only (no enrichment).
  • datum-cloud/graphql-gateway — new sessions resolver coming next.
  • datum-cloud/infra#2268 — auth-provider gateway-call wiring removed; gateway-side MaxMind plumbing retained.

Test plan

  • `task generate:code` and `task generate:openapi:identity` clean.
  • `go build ./pkg/apis/...` clean.
  • After this lands and milo cuts `v0.24.6`, bump `go.miloapis.com/milo` in auth-provider-zitadel to drop the now-stale dependency on the removed fields (no code changes needed there since the auth provider never set them).

@mattdjenkinson
chore(identity): drop unused location, browser, and os SessionStatus …
d5d50b1 
…fields

Session enrichment now happens in the GraphQL gateway, which fetches
sessions from this API and adds geolocation + parsed user-agent to its
own ExtendedSession output. The identity API surface no longer needs
its own derived-data fields — they were never populated by the auth
provider, so leaving them in place would only mislead API consumers.

Keep ip, fingerprintID, lastUpdatedAt, and userAgent — those are raw
fields the auth provider does populate and the gateway reads to do
enrichment.

zz_generated.openapi.go regenerated via task generate:openapi:identity.
docs/api/identity.md edited by hand (this file is hand-maintained
because config/crd/bases/identity/ has no CRD YAMLs).
@joggrbot
Copy link
Copy Markdown
Contributor

joggrbot Bot commented Apr 28, 2026
edited
Loading

📝 Documentation Analysis

Joggr found 1 outdated docs in the pull request.

Autofix

No autofixes were applied.

Outdated

file reason confidence
docs/api/identity.md The documentation for SessionStatus lists the Location, Browser, and OS fields, but all three have been removed from the SessionStatus struct in the code, making the doc significantly inaccurate in describing the object. 92.3%

✅ Latest commit analyzed: d5d50b1 | Powered by Joggr

@mattdjenkinson mattdjenkinson merged commit 7d34047 into main Apr 28, 2026
8 of 9 checks passed
@mattdjenkinson mattdjenkinson deleted the chore/drop-unused-session-enrichment-fields branch April 28, 2026 19:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@scotwells scotwells scotwells approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mattdjenkinson @scotwells