authlib depends on cryptography but only defines this in the install_requires array of the packaging configuration (setup.cfg), but not in the dependencies array.
To Reproduce
Install authlib, e.g. pip install authlib
This would also install cryptography if not yet available.
Remove cryptography, e.g. pip uninstall cryptography
There will be no warning about violating authlib's runtime dependencies, as it is only marked as required during install.
Use authlib, e.g. create a JWT
This will fail due to missing dependency cryptography.
Expected behavior
If cryptography is really required during install, keep it in install_requires and add the same to the dependencies.
If cryptography is only required during runtime, move it from install_requires to dependencies.
Environment:
OS: Yocto (kirkstone)
Python Version: 3.10
Authlib Version: 1.2.1
Additional context
I ran into this when integrating authlib into a Yocto project. The runtime dependency was not obvious from the setup.cfg, hence I made cryptography only available during installation, but not part of the target system.
Describe the bug
authlib
depends oncryptography
but only defines this in theinstall_requires
array of the packaging configuration (setup.cfg
), but not in thedependencies
array.To Reproduce
authlib
, e.g.pip install authlib
This would also installcryptography
if not yet available.cryptography
, e.g.pip uninstall cryptography
There will be no warning about violatingauthlib
's runtime dependencies, as it is only marked as required during install.authlib
, e.g. create a JWT This will fail due to missing dependencycryptography
.Expected behavior
cryptography
is really required during install, keep it ininstall_requires
and add the same to thedependencies
.cryptography
is only required during runtime, move it frominstall_requires
todependencies
.Environment:
Additional context
I ran into this when integrating
authlib
into a Yocto project. The runtime dependency was not obvious from thesetup.cfg
, hence I madecryptography
only available during installation, but not part of the target system.