auth0-python
auth0-python copied to clipboard
auth0
Allow for urllib3 < 2.x
Checklist
- [X] I have looked into the Readme and Examples, and have not found a suitable solution or answer.
- [X] I have looked into the API documentation and have not found a suitable solution or answer.
- [X] I have searched the issues and have not found a suitable solution or answer.
- [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- [X] I agree to the terms within the Auth0 Code of Conduct.
Describe the problem you'd like to have solved
In version 4.6 it appears a pin was added to urllib3 in the following commit: https://github.com/auth0/auth0-python/commit/91863ccf3371a5fa3aca409973d4bf42146bcb2d
This issue is, when using AWS lambda with python 3.9 urllib 2.x is not supported, infact the botocore library pin urllib3 < 1.27 for python < 3.10. See: https://github.com/boto/botocore/blob/develop/setup.py#L28
At the moment we cannot yet update to python 3.10+, so I'm getting conflicts with botocore when trying to use the latest auto0-python library.
Do you 100% need the urllib3 pin to 2.x? Or could you allow <1.27 for Python <= 3.9
Describe the ideal solution
Change the dependency pinning so urllib < 2.x can be used for python 3.9
Alternatives and current workarounds
At the moment I'm considering updating using auth0-python version 4.5.
Additional context
No response
Seconding this. Happy to open a PR making that requirement a bit less strict.
This is probably a dependabot thing? Seems it automatically bumps the version a bunch -- but that's just the poetry lock, right?
@evansims Any thoughts on this?
Amazon is not supporting urllib3<2 for Python < 3.10. See https://github.com/boto/botocore/issues/3138#issuecomment-1986927748
Would you accept a PR putting python version specific constraints on urllib3? Here is what botocore has in their setup.py:
requires = [
# ...
'urllib3>=1.25.4,<1.27 ; python_version < "3.10"',
'urllib3>=1.25.4,<2.1 ; python_version >= "3.10"',
]