Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws-auth-cognito unusable - is pulling in an old alpha version of okhttp #2809

Open
1 task done
kroegerama opened this issue May 7, 2024 · 3 comments
Open
1 task done

aws-auth-cognito unusable - is pulling in an old alpha version of okhttp #2809

kroegerama opened this issue May 7, 2024 · 3 comments
Labels
auth Related to the Auth category/plugins feature-request Request a new feature

Comments

@kroegerama
Copy link

kroegerama commented May 7, 2024
edited

Before opening, please confirm:

Language and Async Model

Kotlin - Coroutines

Amplify Categories

Authentication

Gradle script dependencies

implementation("com.amplifyframework:core-kotlin:2.16.1")
implementation("com.amplifyframework:aws-auth-cognito:2.16.1")

Describe the bug

All recent versions of com.amplifyframework:aws-auth-cognito pull in an alpha version of okhttp: com.squareup.okhttp3:okhttp:5.0.0-alpha.11 via transitive dependencies.

This is conflicting with our existing dependencies of okhttp 4.12.0, which is the latest stable release of okhttp.

I don't really get, why anyone considered it a good idea to use an alpha version as a dependency. There are even companies that forbid using alpha dependencies in production.

Seems, like the culprit is the aws dependency aws.smithy.kotlin:http-client-engine-okhttp-jvm:1.0.11, which had this bad dependency literally forever. I went to mvnrepository and even version 0.11.0 of this smithy client uses an alpha version. Going forward, the most recent version 1.2.2 also has an alpha dependency.

There was a ticket regarding this, but it was abandoned and closed without a fix. #2632

Is there a plan, when this will be fixed? I have no idea how to integrate cognito without messing up our production releases.
@github-actions github-actions bot added the pending-triage Issue is pending triage label May 7, 2024
@yuhengshs yuhengshs added auth Related to the Auth category/plugins investigating This issue is being investigated and removed pending-triage Issue is pending triage labels May 7, 2024
@yuhengshs
Copy link
Contributor

Hi @kroegerama ,

Thanks for reporting the issue, our team will take a look and post updates here.

@yuhengshs yuhengshs added question General question feature-request Request a new feature and removed investigating This issue is being investigated question General question labels May 7, 2024
@yuhengshs
Copy link
Contributor

Hi @kroegerama ,

Unfortunately, Amplify Android has dependency with aws-kotlin and aws-smithy. We will try to make another request internally and see if any modifications can be done.

@kroegerama
Copy link
Author

Thanks a lot for your follow-up @yuhengshs. I look forward to hearing if your colleagues decide to fix this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth Related to the Auth category/plugins feature-request Request a new feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kroegerama @yuhengshs