flask-oidc icon indicating copy to clipboard operation
flask-oidc copied to clipboard

Published 20 hours ago verified publisher icon puiterwijk

ImportError: cannot import name 'JSONWebSignatureSerializer' from 'itsdangerous'

Open khteh opened this issue 2 years ago • 19 comments

Python 3.10.4 pipenv, version 2022.5.2 flask-oidc 1.4.0 Exception happens on the following import line:

from flask_oidc import OpenIDConnect

khteh avatar Jun 09 '22 05:06 khteh

Hello, This class has been removed in itsdangerous 2.1.0 : https://itsdangerous.palletsprojects.com/en/2.1.x/changes/#version-2-1-0

It was mentioned in https://github.com/puiterwijk/flask-oidc/issues/3 ...

In your Pipfile, could you please add itsdangerous = "<2.1" ?

Mikaciu avatar Jun 09 '22 09:06 Mikaciu

How long can you stay in this deprecated functionality? Instead of going backward, this library should be updated to use proper library as described here:

https://itsdangerous.palletsprojects.com/en/2.1.x/changes/ https://docs.authlib.org/en/latest/jose/jws.html

khteh avatar Jun 09 '22 09:06 khteh

I honestly don't know, I had the same issue several days ago and thought it would be helpful to share ;)

Mikaciu avatar Jun 10 '22 05:06 Mikaciu

Apparently fixed in https://github.com/puiterwijk/flask-oidc/pull/144

ecederstrand avatar Jul 21 '22 08:07 ecederstrand

confirming that installing #144 fixes it.

gcalmettes avatar Aug 05 '22 10:08 gcalmettes

Fixed? Install? What do you mean and how? https://github.com/puiterwijk/flask-oidc/pull/144 is not even merged yet!?

khteh avatar Aug 06 '22 02:08 khteh

@khteh you can install the changes introduced by #144 by specifying directly the MR or the commit you want in your pip install command.

e.g.: pip install git+https://github.com/puiterwijk/flask-oidc.git@b10e6bf881a3fe0c3972e4093648f2b77f32a97c

On our end, we are using a custom security manager for Airflow to connect using OIDC, which relies on flask-oidc underneath (https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-openid). Because the dependency on itsdangerous is not pinned, the latest build broke the oidc workflow to connect to Airflow, but adding the latest commit of #144 as dependency in our docker build (command above) fixed it.

Note that pip install git+https://github.com/puiterwijk/flask-oidc.git@refs/pull/144/head as specified in #152 would also work if you don't want to freeze to a specific commit and benefit from the update made to the MR.

gcalmettes avatar Aug 06 '22 06:08 gcalmettes

What stops you from merging and releasing the fix as a new version?

khteh avatar Aug 06 '22 07:08 khteh

@khteh well, one would need to have the proper rights on the repo for that, so this decision relies on @puiterwijk’s approval of the PR. In the meantime targeting the code of the PR for the install is a workaround.

gcalmettes avatar Aug 06 '22 07:08 gcalmettes

Ok. Thanks. BTW, what's MR?

khteh avatar Aug 06 '22 08:08 khteh

Sorry, I mixed the Gitlab’s way of defining things. MR = Merge request (which is Gitlab’s denomination for Pull Request).

gcalmettes avatar Aug 06 '22 08:08 gcalmettes

For those using pipenv: pipenv install git+https://github.com/puiterwijk/flask-oidc.git@refs/pull/144/head#egg=flask-oidc

khteh avatar Aug 06 '22 09:08 khteh

@puiterwijk could this PR please be merged and released?

marcelrend avatar Nov 07 '22 05:11 marcelrend

Are there any possible workaround this issue? It seems it will take a while to merge the fix to master.

frafful avatar Dec 22 '22 12:12 frafful

Yes. See https://github.com/puiterwijk/flask-oidc/issues/147#issuecomment-1207160732

ecederstrand avatar Dec 22 '22 14:12 ecederstrand

So it's 2023, 4 months later, is this still the issue and is it not yet updated?

Nixellion avatar Apr 22 '23 07:04 Nixellion

if it fixed, why dont you get updated?

nebucadnezzar avatar Apr 26 '23 14:04 nebucadnezzar

Came here hoping for a fix too.

macmule avatar May 09 '23 11:05 macmule

Still waiting on a fix…

frozenpandaman avatar Jul 31 '23 10:07 frozenpandaman