search

samdjstevens / java-totp

A java library for implementing Time-based One Time Passwords for Multi-Factor Authentication.
MIT License
422 stars 103 forks source link

RFE : declare commons-net as an optionnal dependency #12

Closed OlivierJaquemet closed 4 years ago

OlivierJaquemet commented 4 years ago

In the current state of java-totp, the commons-net is only used for NtpTimeProvider feature.

My suggestion would be to declare commons-net as an optional dependency, and update the documentation, to indicate that use of NtpTimeProvider requires an additional explicit declaration of commons-net. This would reduce the default transitive dependencies to the minimum required.

Resources : https://maven.apache.org/guides/introduction/introduction-to-optional-and-excludes-dependencies.html

Workaround for user of you library that wish to reduce their transitive dependencies : exclude commons-net from their pom : 

     <dependency>
      <groupId>dev.samstevens.totp</groupId>
      <artifactId>totp</artifactId>
      <exclusions>
        <!-- Exclude commons-net, it is used by samsstevens-topt for Ntp implementation, we don't use this -->
        <exclusion>
          <groupId>commons-net</groupId>
          <artifactId>commons-net</artifactId>
        </exclusion>
        <!-- Exclude jcommander, it is used by xzing in commandline, we don't use this -->
        <exclusion>
          <groupId>com.beust</groupId>
          <artifactId>jcommander</artifactId>
        </exclusion>
      </exclusions>
    </dependency>

PS : thanks for providing this nice and simple library. 👍🏻👍🏻

samdjstevens commented 4 years ago

Makes sense to me - I've created a quick PR which I think achieves this if you want to give it a look over?