search

lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.
https://authlib.org/
BSD 3-Clause "New" or "Revised" License
4.54k stars 452 forks source link

Specify cyptography version #290

Closed alanb-sony closed 3 years ago

alanb-sony commented 3 years ago

Due to the use of cryptography.hazmat.primitives.asymmetric.ed25519 which seems to have been added in version 2.6: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed25519.html should the requirement on cryptography specify a minimum version?

older versions of cryptography result in:

    from authlib.jose import jwt
  File "/Users/runner/hostedtoolcache/Python/3.8.6/x64/lib/python3.8/site-packages/authlib/jose/__init__.py", line 24, in <module>
    from .rfc8037 import OKPKey, register_jws_rfc8037
  File "/Users/runner/hostedtoolcache/Python/3.8.6/x64/lib/python3.8/site-packages/authlib/jose/rfc8037/__init__.py", line 1, in <module>
    from .okp_key import OKPKey
  File "/Users/runner/hostedtoolcache/Python/3.8.6/x64/lib/python3.8/site-packages/authlib/jose/rfc8037/okp_key.py", line 1, in <module>
    from cryptography.hazmat.primitives.asymmetric.ed25519 import (
ModuleNotFoundError: No module named 'cryptography.hazmat.primitives.asymmetric.ed25519'

Note this was found when running https://github.com/AMWA-TV/nmos-testing/ on a Mac with Conan installed, for some reason Conan requires cryptography < 2.4 on macos.

lepture commented 3 years ago

@alanb-sony cryptography 2.6 was released in Feb, 2019, which is very long time ago. I think this is not an issue for ed25519. But I will add a minimal version in setup.py next time.

lepture commented 3 years ago

Added in setup.py