Lib should be using latest secure, stable release of oauth2client?

[robcharlwood]

Currently this project is pinned to require oauth2client==3.0.0, however the most recent version is 4.1.2. There were security and stability improvements made in this package since 3.0.0 was released. Shouldn't this package be updated to support and use the newest version.

I appreciate that oauth2client is now deprecated and that going forward this project should favour using google-auth and oauthlib. But until time is found to update this project to use those two libraries, we should at the very least use the latest stable release of oauth2client?

Thanks!

[inklesspen]

oauth2client 4.0.0 and later cannot function on App Engine Standard, unfortunately; at least not in combination with this library.

More specifically, this library uses apitools, which uses oauth2client. apitools also uses either oauth2client.contrib.multistore_file in 3.0.0 or oauth2client.contrib.multiprocess_file_storage in 4.0.0 and higher. multiprocess_file_storage uses the fasteners library, which does not work on App Engine Standard because of sandbox limitations.

The tests pass for your PR because they're not actually running on App Engine. If you try deploying an app using your branch, you'll see what I mean.

[robcharlwood]

@inklesspen ah Thanks Rose - yes I see. It's screaming at me now on AppEngine.

Thanks very much for your help. I guess we are suck with the older version! :)