Skip to content

feat: Deprecation DEPPS113: Config option enableInsecureAuthAdapters defaults to false #9982

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mtrezza merged 2 commits into from
Dec 14, 2025
+8 −8
Merged

feat: Deprecation DEPPS113: Config option enableInsecureAuthAdapters defaults to false #9982

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f592ac8
fix
mtrezza Dec 14, 2025
0632e20
test
mtrezza Dec 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions DEPRECATIONS.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ The following is a list of deprecations, according to the [Deprecation Policy](h
| DEPPS10 | Encode `Parse.Object` in Cloud Function and remove option `encodeParseObjectInCloudFunction` | [#8634](https://github.com/parse-community/parse-server/issues/8634) | 6.2.0 (2023) | 9.0.0 (2026) | removed | - |
| DEPPS11 | Replace `PublicAPIRouter` with `PagesRouter` | [#7625](https://github.com/parse-community/parse-server/issues/7625) | 8.0.0 (2025) | 9.0.0 (2026) | removed | - |
| DEPPS12 | Database option `allowPublicExplain` defaults to `false` | [#7519](https://github.com/parse-community/parse-server/issues/7519) | 8.5.0 (2025) | 9.0.0 (2026) | removed | - |
| DEPPS13 | Config option `enableInsecureAuthAdapters` defaults to `false` | [#9667](https://github.com/parse-community/parse-server/pull/9667) | 8.0.0 (2025) | 9.0.0 (2026) | removed | - |
Copy link

@coderabbitai coderabbitai bot Dec 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

DEPRECATIONS.md: DEPPS13 status looks incorrect (“removed” vs “deprecated”)
If enableInsecureAuthAdapters still exists (it does in this PR) and insecure adapters are only deprecated, the status should likely be deprecated, not removed, otherwise readers will assume the option is already gone.

-| DEPPS13 | Config option `enableInsecureAuthAdapters` defaults to `false`                               | [#9667](https://github.com/parse-community/parse-server/pull/9667)   | 8.0.0 (2025)                    | 9.0.0 (2026)                    | removed               | -     |
+| DEPPS13 | Config option `enableInsecureAuthAdapters` defaults to `false`                               | [#9667](https://github.com/parse-community/parse-server/pull/9667)   | 8.0.0 (2025)                    | 9.0.0 (2026)                    | deprecated            | -     |
🤖 Prompt for AI Agents 
In DEPRECATIONS.md around line 19, the DEPPS13 row incorrectly marks the Config
option `enableInsecureAuthAdapters` as "removed" while the option still exists
and is being deprecated; update that table cell from "removed" to "deprecated"
(and ensure the deprecation/removal version columns remain accurate: keep 8.0.0
(2025) as the deprecation target and 9.0.0 (2026) as the removal target) so
readers understand the option is deprecated rather than already removed.

Copy link
Member Author

@mtrezza mtrezza Dec 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's fine, the table entry was actually missing, so this goes straight to the "removed" state.

Copy link

@coderabbitai coderabbitai bot Dec 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mtrezza, thank you for the clarification! I understand now – since the deprecation already occurred in an earlier version and the table entry was simply missing, it's appropriate to add it directly with the "removed" status. This makes sense for backfilling the documentation.

🧠 Learnings used 
Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-12-02T08:00:20.138Z
Learning: For Parse Server 9 release (PR #9938 and related), the parse/push-adapter dependency must be upgraded to version >= 8.0.0, not 7.0.0. Version 8.x drops support for Node 18.

Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-12-02T08:00:08.440Z
Learning: For Parse Server 9 release preparation, the parse/push-adapter dependency should be upgraded to version >= 8.0.0, not 7.x, as version 8.x is required despite dropping Node 18 support (which aligns with Parse Server 9's removal of EOL Node versions).

Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-11-08T13:46:04.940Z
Learning: For new Parse Server options, verify that the option is documented in src/Options/index.js and that npm run definitions has been executed to reflect changes in src/Options/docs.js and src/Options/Definitions.js. README.md documentation is a bonus but not required for new options.

Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-11-08T13:46:04.940Z
Learning: When reviewing Parse Server PRs that add new features, always check whether the feature is documented in the README.md file, though for new Parse Server options this is optional rather than required.

Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-12-02T06:55:53.808Z
Learning: When reviewing Parse Server PRs that add or modify Parse Server options, always verify that changes are properly reflected in three files: src/Options/index.js (where changes originate), src/Options/Definitions.js, and src/Options/docs.js. The correct workflow is: make changes in index.js first, then run `npm run definitions` to automatically replicate the changes to Definitions.js and docs.js.

Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-11-17T15:02:48.786Z
Learning: For Parse Server PRs, always suggest an Angular commit convention PR title that would make a meaningful changelog entry for developers. Update the PR title suggestion on every commit. The format should be: type(scope): description. Common types include feat, fix, perf, refactor, docs, test, chore. The scope should identify the subsystem (e.g., graphql, rest, push, security). The description should be action-oriented and clearly convey the change's impact to developers.

Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-11-17T15:02:24.824Z
Learning: For Parse Server PRs, always suggest an Angular-style PR title that would make a meaningful changelog entry for developers. Update the PR title suggestion with every new commit to the PR.


[i_deprecation]: ## "The version and date of the deprecation."
[i_removal]: ## "The version and date of the planned removal."
Expand Down
1 change: 1 addition & 0 deletions spec/SecurityCheckGroups.spec.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ describe('Security Check Groups', () => {
config.masterKey = 'insecure';
config.security.enableCheckLog = true;
config.allowClientClassCreation = true;
config.enableInsecureAuthAdapters = true;
config.graphQLPublicIntrospection = true;
await reconfigureServer(config);

Expand Down
4 changes: 1 addition & 3 deletions src/Deprecator/Deprecations.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,4 @@
*
* If there are no deprecations, this must return an empty array.
*/
module.exports = [
{ optionKey: 'enableInsecureAuthAdapters', changeNewDefault: 'false' },
];
module.exports = [];
4 changes: 2 additions & 2 deletions src/Options/Definitions.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -244,9 +244,9 @@ module.exports.ParseServerOptions = {
enableInsecureAuthAdapters: {
env: 'PARSE_SERVER_ENABLE_INSECURE_AUTH_ADAPTERS',
help:
'Enable (or disable) insecure auth adapters, defaults to true. Insecure auth adapters are deprecated and it is recommended to disable them.',
'Optional. Enables insecure authentication adapters. Insecure auth adapters are deprecated and will be removed in a future version. Defaults to `false`.',
action: parsers.booleanParser,
default: true,
default: false,
},
enableSanitizedErrorResponse: {
env: 'PARSE_SERVER_ENABLE_SANITIZED_ERROR_RESPONSE',
Expand Down
2 changes: 1 addition & 1 deletion src/Options/docs.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions src/Options/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -167,9 +167,9 @@ export interface ParseServerOptions {
/* Configuration for your authentication providers, as stringified JSON. See http://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication
:ENV: PARSE_SERVER_AUTH_PROVIDERS */
auth: ?{ [string]: AuthAdapter };
/* Enable (or disable) insecure auth adapters, defaults to true. Insecure auth adapters are deprecated and it is recommended to disable them.
/* Optional. Enables insecure authentication adapters. Insecure auth adapters are deprecated and will be removed in a future version. Defaults to `false`.
:ENV: PARSE_SERVER_ENABLE_INSECURE_AUTH_ADAPTERS
:DEFAULT: true */
:DEFAULT: false */
enableInsecureAuthAdapters: ?boolean;
/* Max file size for uploads, defaults to 20mb
:DEFAULT: 20mb */
Expand Down
Loading