release 1.2.0 forces oauthlib-3.0.0 which breaks Flask-OAuthlib

[robnagler]

I just did normal pip install and got a conflict. Flask-OAuthlib request < oauthlib-3.0.0.

Since 1.2.0 is a minor release, it would seem like a bad idea to force a change to a major release of oauthlib.

[ivanpricewaycom]

we have a project that connects to Salesforce's streaming API which was broken by this also. pinning requests-oauthlib to 1.1.0 'fixes' the problem.

[singingwolfboy]

I apologize for the problems you've been having. I was following @jvanasco's advice provided here -- he has the most context around this change.

Regardless, requests-oauthlib 1.2.0 has been tagged and published, and trying to revert or remove the release seems like it would cause more harm than good. If anyone has other practical suggestions for how to resolve this issue, I'm open to hearing them.

[jvanasco]

Is there any actual broken code or functionality, or is this just a dependency conflict (i.e. things won't install). If it's the former, can people share some exceptions and stack traces? If it's the latter, which this appears to be, imho the best fix would be getting flask-oauthlib to make a new release that works with 3.0 (which most likely means not changing anything but their version pin).

…

On Jan 17, 2019, at 8:23 AM, David Baumgold ***@***.***> wrote: I apologize for the problems you've been having. I was following @jvanasco's advice provided here -- he has the most context around this change. Regardless, requests-oauthlib 1.2.0 has been tagged and published, and trying to revert or remove the release seems like it would cause more harm than good. If anyone has other practical suggestions for how to resolve this issue, I'm open to hearing them. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[singingwolfboy]

It appears that Flask-OAuthlib has already changed their dependencies to avoid this problem.

I should also mention that Flask-Dance also does OAuth with Flask, and it is compatible with oauthlib 3.0. Personally, I prefer Flask-Dance over Flask-OAuthlib -- but then, I'm the author of Flask-Dance, so I'm biased. 😄

[ivanpricewaycom]

no need to apologise!

I include our stacktrace here for what it's worth (not much maybe). I didn't spend any time debugging this, as it was clearly a dependency problem.. its easy for us to test if you come up with any fixes.

For info we use requests-oauth because it comes with this project:

https://github.com/SalesforceFoundation/salesforce-requests-oauthlib

Their current dependency on you is:
https://github.com/SalesforceFoundation/salesforce-requests-oauthlib/blob/master/setup.py

('requests-oauthlib>=0.6.2',)

so they are now broken. we run a customised version of that library.

cheers !!

2019-01-17 12:32:07,973 ERROR Traceback (most recent call last):
  File "/usr/src/app/customer/management/commands/listen_salesforce_stream.py", line 48, in handle
    do_blocking_client()
  File "/usr/src/app/customer/management/commands/listen_salesforce_stream.py", line 69, in do_blocking_client
    with ClientOne(*args, **kwargs) as streaming_client:
  File "/usr/local/lib/python3.6/site-packages/salesforce_streaming_client/__init__.py", line 141, in __init__
    version=version
  File "/usr/local/lib/python3.6/site-packages/salesforce_requests_oauthlib/__init__.py", line 152, in __init__
    self.launch_password_flow()
  File "/usr/local/lib/python3.6/site-packages/salesforce_requests_oauthlib/__init__.py", line 223, in launch_password_flow
    password=self.password
  File "/usr/local/lib/python3.6/site-packages/requests_oauthlib/oauth2_session.py", line 307, in fetch_token
    self._client.parse_request_body_response(r.text, scope=self.scope)
  File "/usr/local/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/clients/base.py", line 415, in parse_request_body_response
    self.token = parse_token_response(body, scope=scope)
  File "/usr/local/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 425, in parse_token_response
    validate_token_parameters(params)
  File "/usr/local/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 432, in validate_token_parameters
    raise_from_error(params.get('error'), params)
  File "/usr/local/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/errors.py", line 406, in raise_from_error
    raise CustomOAuth2Error(error=error, **kwargs)
oauthlib.oauth2.rfc6749.errors.CustomOAuth2Error: (invalid_client_id) client identifier invalid

[robnagler]

Thanks for letting us know @singingwolfboy!