flask-oidc: ImportError: cannot import name 'JSONWebSignatureSerializer' from 'itsdangerous'
Python 3.10.4
pipenv, version 2022.5.2
flask-oidc 1.4.0
Exception happens on the following import line:
from flask_oidc import OpenIDConnect
About this issue
- State: open
- Created 2 years ago
- Comments: 19
Commits related to this issue
- build(requirements): pin 'itsdangerous' to < 2.1 'flask-oidc' 1.4.0 (latest) still use 'JSONWebSignatureSerializer' which was removed in 'itsdangerous' v2.1. Until https://github.com/puiterwijk/flask... — committed to Pagure/pagure by wombelix a year ago
- Update dependencies Regenerate dependencies files with pip-compile-multi (on python 3.8); allow Flask update since connexion was updated to not conflict, but limit it to <2.3 since newer versions pul... — committed to jcristau/tooltool by jcristau a year ago
- Update dependencies (#1102) Regenerate dependencies files with pip-compile-multi (on python 3.8); allow Flask update since connexion was updated to not conflict, but limit it to <2.3 since newer ve... — committed to mozilla-releng/tooltool by jcristau a year ago
@puiterwijk could this PR please be merged and released?
How long can you stay in this deprecated functionality? Instead of going backward, this library should be updated to use proper library as described here:
https://itsdangerous.palletsprojects.com/en/2.1.x/changes/ https://docs.authlib.org/en/latest/jose/jws.html
@khteh you can install the changes introduced by #144 by specifying directly the MR or the commit you want in your pip install command. e.g.:
pip install git+https://github.com/puiterwijk/flask-oidc.git@b10e6bf881a3fe0c3972e4093648f2b77f32a97c
On our end, we are using a custom security manager for Airflow to connect using OIDC, which relies on flask-oidc underneath (https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-openid). Because the dependency on itsdangerous is not pinned, the latest build broke the oidc workflow to connect to Airflow, but adding the latest commit of #144 as dependency in our docker build (command above) fixed it.
Note that
pip install git+https://github.com/puiterwijk/flask-oidc.git@refs/pull/144/head
as specified in #152 would also work if you don’t want to freeze to a specific commit and benefit from the update made to the MR.
So it’s 2023, 4 months later, is this still the issue and is it not yet updated?
Came here hoping for a fix too.
If it is fixed, why don't you get updated?
@khteh well, one would need to have the proper rights on the repo for that, so this decision relies on @puiterwijk’s approval of the PR. In the meantime targeting the code of the PR for the install is a workaround.
Hello, This class has been removed in itsdangerous 2.1.0 : https://itsdangerous.palletsprojects.com/en/2.1.x/changes/#version-2-1-0
It was mentioned in https://github.com/puiterwijk/flask-oidc/issues/3 …
In your Pipfile, could you please add itsdangerous = "<2.1"?
Yes. See https://github.com/puiterwijk/flask-oidc/issues/147#issuecomment-1207160732
For those using pipenv:
pipenv install git+https://github.com/puiterwijk/flask-oidc.git@refs/pull/144/head#egg=flask-oidc
Sorry, I mixed the Gitlab’s way of defining things. MR = Merge request (which is Gitlab’s denomination for Pull Request).
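The install commands quoted in this thread differ in what they pin: one names a full commit hash, the other the PR head ref, which moves whenever the PR is updated. The following is an added example, not code from the thread or from flask-oidc, that classifies such pip VCS requirement lines; the function names and the third sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# A full 40-hex SHA-1 names exactly one commit; any other ref can be re-pointed.
FULL_SHA = re.compile(r"[0-9a-f]{40}")

def classify_vcs_requirement(req):
    """Return repo, ref and pin kind for a pip 'git+<url>@<ref>' requirement."""
    req = req.strip()
    if not req.startswith("git+"):
        raise ValueError(f"not a git VCS requirement: {req!r}")
    parts = urlsplit(req[len("git+"):])      # '#egg=...' lands in the fragment
    path, sep, ref = parts.path.rpartition("@")
    if not sep:                               # no '@ref' given at all
        path, ref = parts.path, ""
    if FULL_SHA.fullmatch(ref):
        pin = "commit"                        # reproducible install
    elif ref:
        pin = "mutable-ref"                   # branch, tag, refs/pull/N/head, short SHA
    else:
        pin = "default-branch"                # whatever HEAD is at install time
    return {"repo": f"{parts.scheme}://{parts.netloc}{path}", "ref": ref, "pin": pin}

def unpinned(requirements):
    """Requirement lines whose installed code can change without the line changing."""
    return [r for r in requirements
            if r.startswith("git+") and classify_vcs_requirement(r)["pin"] != "commit"]

# The first two entries are the URLs quoted in the thread; the third is constructed.
SAMPLE = [
    "git+https://github.com/puiterwijk/flask-oidc.git@b10e6bf881a3fe0c3972e4093648f2b77f32a97c",
    "git+https://github.com/puiterwijk/flask-oidc.git@refs/pull/144/head#egg=flask-oidc",
    "git+https://github.com/puiterwijk/flask-oidc.git",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify_vcs_requirement(line)["pin"], line)
```

Running `unpinned()` over a requirements file in CI flags any line that would silently pick up new commits on the next build.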