You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Firstly, with the RSA-SHA1 signature method in OAuth 1.0a, having just cryptography without pyjwt does not work. It needs both. It is also needed for RS256 tokens in OAuth 2.0 too: JWT is needed/imported by oauth2/rfc6749/clients/service_application.py, common.py and oauth1/rfc5849/signature.py.
Secondly, the "signedtoken" extras is not documented (except buried in a section about errors in the FAQ). The "rsa" extras is partially documented, and that would mislead users into thinking all they need to do is install the "rsa" extras and RSA-SHA1 and RS256 will work.
How to reproduce
Install using pip install oauthlib[rsa] and try using the OAuth 1.0a RSA-SHA1 signature method. It fails with an exception, because pyjwt has not been installed.
ModuleNotFoundError: No module named 'jwt'
Expected behavior
Expect installing "rsa" will make the OAuth 1.0a RSA-SHA1 signature method work.
Proposed solution
Is there a reason why someone would what to install cryptography installed for RSA support, but cannot (or must not) install pyjwt?
Can both installation extras be merged into a single "rsa" extras? Having one option makes installing less complicated, and less things that need to be documented.
The text was updated successfully, but these errors were encountered:
Describe the bug
The setup.py install script currently defines two "extras" that can be installed:
cryptography
package, andcryptography
andpyjwt
packages.oauthlib/setup.py
Lines 21 to 23 in d4716eb
oauthlib/setup.py
Lines 40 to 44 in d4716eb
There are two problems with this.
Firstly, with the RSA-SHA1 signature method in OAuth 1.0a, having just cryptography without pyjwt does not work. It needs both. It is also needed for RS256 tokens in OAuth 2.0 too: JWT is needed/imported by oauth2/rfc6749/clients/service_application.py, common.py and oauth1/rfc5849/signature.py.
Secondly, the "signedtoken" extras is not documented (except buried in a section about errors in the FAQ). The "rsa" extras is partially documented, and that would mislead users into thinking all they need to do is install the "rsa" extras and RSA-SHA1 and RS256 will work.
How to reproduce
Install using
pip install oauthlib[rsa]
and try using the OAuth 1.0a RSA-SHA1 signature method. It fails with an exception, because pyjwt has not been installed.Expected behavior
Expect installing "rsa" will make the OAuth 1.0a RSA-SHA1 signature method work.
Proposed solution
Is there a reason why someone would what to install cryptography installed for RSA support, but cannot (or must not) install pyjwt?
Can both installation extras be merged into a single "rsa" extras? Having one option makes installing less complicated, and less things that need to be documented.
The text was updated successfully, but these errors were encountered: