Skip to content

RFC 088: Migrating identity, requesting and items APIs from Sierra to FOLIO#153

Merged
kenoir merged 8 commits into
mainfrom
rk/identity-requesting-rfc
Jun 24, 2026
Merged

RFC 088: Migrating identity, requesting and items APIs from Sierra to FOLIO#153
kenoir merged 8 commits into
mainfrom
rk/identity-requesting-rfc

Conversation

@kenoir

@kenoir kenoir commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Preview

View the rendered RFC on this branch:

What does this change?

Adds RFC 088: Migrating identity, requesting and items APIs from Sierra to FOLIO, plus its supporting API contract and docs tooling. This is documentation only; there are no production code changes.

The RFC describes how we move the identity, requesting and item-availability APIs that power wellcomecollection.org from our current LMS (Sierra) to its replacement (FOLIO). It covers:

  • Architecture. A parallel, FOLIO-backed v2 identity API fronted by Auth0, built as Python Lambdas behind API Gateway (user + m2m Lambda authorizers validating Auth0 JWTs). The website's identity webapp BFF is the only production consumer. v2 is stood up alongside v1 (versioned by hostname) and accepts the existing v1 Auth0 audience so already-issued tokens keep working.
  • API surface: v1 → v2. Route-by-route dispositions for the identity/requesting/item-availability endpoints, a condensed Sierra → FOLIO endpoint/module mapping, and the embedded API contract (linked to openapi.yaml / openapi.md).
  • Migration plan. A per-request website toggle (reusing existing server-side API-base-URL/key toggle precedent, with cookie overrides and no redeploy), lazy patron migration within the existing Auth0 tenant (Auth0 captures password hashes at login while Sierra is still available), and a single coordinated cutover window in which identity, requesting and the LMS operational move happen together. The guiding principle is to change one variable at a time: the implementation changes (Sierra → FOLIO), the contract does not.
  • Open questions to resolve before cutover: identifier translation for requesting; requesting business rules vs FOLIO circulation rules; Auth0 account removal after a FOLIO-side deletion; barcode/role format; and running the new items API alongside the existing v2 catalogue API items endpoint (with a candidate direction of a v3 catalogue API serving only the new FOLIO-backed items endpoint).

The RFC is written to be self-contained and openly accessible, reproducing the architecture, contract, migration plan and open questions in full so it does not depend on the closed discovery/prototype repository.

Files added:

  • rfcs/088-folio-identity-requesting-migration/README.md: the RFC document.
  • rfcs/README.md: refreshed RFC listing table (RFC 088 row added).
  • rfcs/088-folio-identity-requesting-migration/openapi.yaml: the extracted OpenAPI 3.1 spec for the v2 identity API (users / m2m / items routes only).
  • rfcs/088-folio-identity-requesting-migration/openapi.md: generated human-readable rendering of the spec, browsable on GitHub without a Swagger/Redoc renderer.
  • render_docs.py, pyproject.toml, .python-version, .gitignore, uv.lock: a self-contained uv project that validates openapi.yaml and regenerates openapi.md.

How to test

  • Read rfcs/088-folio-identity-requesting-migration/README.md and review the architecture, v1 → v2 surface, migration plan and open questions.
  • Confirm the RFC passes repo validation: .scripts/validate_rfc.py.
  • Confirm the listing table is in sync: .scripts/create_table_summary.py --check-readme.
  • (Optional) Regenerate the rendered contract and confirm no diff: from the RFC directory, uv run python render_docs.py: this validates openapi.yaml against the OpenAPI spec validator and rewrites openapi.md.

How can we measure success?

No measurable runtime success criteria; this is a documentation RFC. Success is the RFC being reviewed and providing a clear, self-contained plan and API contract that the team can align on ahead of the Sierra → FOLIO cutover.

Have we considered potential risks?

  • Documentation only; no production code or infrastructure is changed by this PR, so there is no runtime or deployment risk.
  • The migration risks themselves (lazy patron migration, the single coordinated cutover, identifier translation, requesting business rules, account-deletion propagation, items-API parallel run) are enumerated in the RFC's Risks and Open questions sections and are intended to be the subject of review.
  • The OpenAPI spec is validated and the rendered Markdown is generated from it, reducing the chance of the contract and its human-readable rendering drifting apart.

kenoir and others added 2 commits June 15, 2026 11:26
@kenoir @claude
Add RFC 088: Migrating identity, requesting and items APIs to FOLIO
99dc2d5 
Adds a self-contained RFC describing the move of the identity, requesting
and item-availability APIs from Sierra to FOLIO: a parallel FOLIO-backed v2
identity API fronted by Auth0, the toggle + lazy-migration plan with a single
coordinated cutover, the v1 -> v2 route dispositions, and the open questions
(including running the new items API alongside the existing catalogue API).
Links the API contract out to openapi.yaml / openapi.md. Refreshes the RFC
listing table.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@kenoir @claude
Add v2 identity API OpenAPI spec and docs tooling for RFC 088
a0f167a 
Extracts the v2 identity API contract into openapi.yaml (intended routes only:
users / m2m / items) and adds a self-contained uv project that validates the
spec and renders it to openapi.md for in-repo browsing (run via
`uv run python render_docs.py`).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@kenoir kenoir requested review from a team as code owners June 15, 2026 10:28
@kenoir kenoir mentioned this pull request Jun 15, 2026
Closed
kenoir and others added 3 commits June 15, 2026 11:52
@kenoir @claude
Reframe items-requestability/cancel row to drop prototype references
d19ece3 
The "New in v2" row and the Browsing-section sentence referenced the
prototype's transitional /user/{user_id}/* routes, which this RFC does not
expose (the embedded contract is users/m2m/items only) — confusing for a
reader. Reframe both as planned additions to the /users/{userId} surface, not
yet in the contract.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@kenoir @claude
Remove em-dashes and trim LLM-trope tone from RFC 088
77a5a6c 
Rephrases em-dashes (and one en-dash) across the RFC, spec descriptions and
tooling comments as colons/commas/parentheses or split sentences; changes the
openapi.md renderer's empty-cell placeholder from an em-dash to "n/a" and the
server/header separators accordingly, then regenerates openapi.md. Light tone
pass (e.g. drops "the heart of"); keeps content and house-style bold lead-ins.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@kenoir @claude
Clarify FOLIO_REGISTER_EMAIL_PATTERN row and its interaction with the…
5d7ea3d 
… default

Adds an example matching address and spells out that the email pattern and
FOLIO_REGISTER_DEFAULT combine as an OR: before cutover (default off) only
pattern-matching signups register; at cutover the default flips on and registers
everyone, making the pattern moot.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
agnesgaroux
agnesgaroux reviewed Jun 16, 2026
View reviewed changes
Comment thread rfcs/088-folio-identity-requesting-migration/README.md
agnesgaroux
agnesgaroux reviewed Jun 16, 2026
View reviewed changes
Comment thread rfcs/088-folio-identity-requesting-migration/README.md
agnesgaroux
agnesgaroux reviewed Jun 16, 2026
View reviewed changes
Comment thread rfcs/088-folio-identity-requesting-migration/README.md
@kenoir kenoir mentioned this pull request Jun 18, 2026
Open
StepanBrychta
StepanBrychta reviewed Jun 18, 2026
View reviewed changes
Comment thread rfcs/088-folio-identity-requesting-migration/README.md
@kenoir

kenoir commented Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

Note this resolves: wellcomecollection/platform#6345

kenoir and others added 2 commits June 22, 2026 15:41
@kenoir @claude
Address RFC 088 review feedback: Sierra in lazy-migration diagram, ad…
71ee1ff 
…ditive requestable flag, externalSystemId caveat

- Add Sierra (custom-DB) participant to the lazy-migration sequence diagram,
  showing the login-script credential verification / password-hash capture that
  the prose already describes.
- Clarify the items requestable flag is additive (the works page keeps using the
  location access status/method) and a prototype affordance, pointing at the
  existing requesting business rules open question.
- Note that what externalSystemId carries is not yet firmly decided.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@kenoir @claude
Remove em-dashes and trim LLM-trope tone from RFC 088 review edits
0ff532c 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
agnesgaroux
agnesgaroux approved these changes Jun 23, 2026
View reviewed changes

@agnesgaroux agnesgaroux left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's do it 💪

@kenoir @claude
Regenerate RFC index table to sync RFC 088 last-modified date
eb7651d 
Fixes the failing validate-rfcs check, which runs
create_table_summary.py --check-readme.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@kenoir kenoir merged commit 6fb0354 into main Jun 24, 2026
7 checks passed
@kenoir kenoir deleted the rk/identity-requesting-rfc branch June 24, 2026 13:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@StepanBrychta StepanBrychta StepanBrychta left review comments
@agnesgaroux agnesgaroux agnesgaroux approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kenoir @StepanBrychta @agnesgaroux