Allow using oauth2client versions < 2 #201
Conversation
Be compatible with older oauth2client versions. This simplifies the installation (also for downstream) when software needs an older oauth2client version but also wants to use googleapiclient.
|
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed, please reply here (e.g.
|
googlebot
added
the
cla: no
|
Are you sure this is the only change needed? |
|
|
|
CLAs look good, thanks! |
googlebot
added
cla: yes
|
@toabctl I'm also curious about what cases you're running into where you need a lower version of |
No. But looking at the changelog doesn't indicate any other needed changes and also your testsuite passes :) |
That gives me a lot of confidence. @nathanielmanistaatgoogle any opposition to this change? |
@jonparrott |
|
And I havn't checked any other software yet. There might be more which depends on oauth2client < 2 |
Because as a user I want to have a single package manager to handle all my files. virtualenvs are nice to play and develop but not so nice for production. If I use a couple of different languages on my system, should I use 10 different package managers to handle all my files (gem, pip, npm, ...)? |
|
So if you merge this it would be really cool to get a new release on pypi btw. |
I could definitely disagree with this sentiment, but this is neither the time nor place. Will wait for @nathanielmanistaatgoogle's opinion on this change before merging. |
|
@jonparrott but even with a virtualenv it can happen that you need to combine 2 python modules where module 1 needs oauth2client < 2 and module 2 needs oauth2client >=2 |
|
This is weird and strange, so the barrier to entry is going to be high. (1) Thank you for the test coverage. (2) Thank you for giving a specific example with real libraries explaining why this should exist. (3) How long would we want to live with this? Would this have an expiration date after which we could remove it and again just depend on oauth2client>=2.0.0? |
As long as possible. But at least as long as other software from google uses still an old oauth2client :) |
|
@toabctl what software is still using old oauth2client? |
|
I see above that the cloud sdk does, but it normally vendors its dependencies. Does the debian package actually depend on a separate oauth2client package? |
The openSUSE package does (but Debian is doing the same - removing included 3rd party modules from a package). See https://build.opensuse.org/package/show/openSUSE:Factory/google-cloud-sdk |
|
Thank you for that information. I'm fine to merge if @nathanielmanistaatgoogle is. |
Also - Removing bare `except:` statements in both the PyCrypto and OpenSSL verifiers (in the `verify` method). - Catching the only exception possible in the OpenSSL verifier (it is `OpenSSL.crypto.Error`). - Converting the signature to bytes (if not already) in the OpenSSL verifier. - Adding a test with both a unicode and bytes signature for each verifier. Fixes googleapis#201.
Be compatible with older oauth2client versions. This simplifies
the installation (also for downstream) when software needs an older
oauth2client version but also wants to use googleapiclient.