Depend on unreleased social-auth-core 3.4.0 for fixes to Apple auth b…

…ackend 3.4.0 was not released to PyPI due to a broken test: python-social-auth/social-core#485 This version contains necessary fixes for validating the "audience" component of the JWT, as seen in ARCHBOM-1281. (I believe we'll need to pass both the App ID and the Service ID in an additional AUDIENCE "other settings" key for this third-party-auth backend.)
openedx · Jul 28, 2020 · ccd6f5c · ccd6f5c
1 parent e4f28de
commit ccd6f5c
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 4 deletions.
diff --git a/requirements/edx/base.in b/requirements/edx/base.in
@@ -137,7 +137,6 @@ pyuca                               # For more accurate sorting of translated co
 recommender-xblock                  # https://github.com/edx/RecommenderXBlock
 rest-condition                      # DRF's recommendation for supporting complex permissions
 rfc6266-parser                      # Used to generate Content-Disposition headers.
-social-auth-core
 pysrt                               # Support for SubRip subtitle files, used in the video XModule
 pytz                                # Time zone information database
 PyYAML                              # Used to parse XModule resource templates

diff --git a/requirements/edx/base.txt b/requirements/edx/base.txt
@@ -219,7 +219,7 @@ simplejson==3.17.2        # via -r requirements/edx/base.in, sailthru-client, su
 six==1.15.0               # via -r requirements/edx/../edx-sandbox/shared.txt, -r requirements/edx/base.in, -r requirements/edx/paver.txt, analytics-python, bleach, chem, crowdsourcehinter-xblock, cryptography, django-classy-tags, django-countries, django-sekizai, django-simple-history, django-statici18n, django-wiki, drf-yasg, edx-ace, edx-bulk-grades, edx-ccx-keys, edx-django-release-util, edx-drf-extensions, edx-enterprise, edx-i18n-tools, edx-milestones, edx-opaque-keys, edx-rbac, edx-search, event-tracking, fs, fs-s3fs, help-tokens, html5lib, isodate, libsass, mock, openedx-calc, packaging, paver, pycontracts, pyjwkest, python-dateutil, python-memcached, python-swiftclient, social-auth-app-django, social-auth-core, stevedore, xblock
 slumber==0.7.1            # via edx-bulk-grades, edx-enterprise, edx-rest-api-client
 social-auth-app-django==4.0.0  # via -r requirements/edx/base.in
-social-auth-core==3.3.3   # via -r requirements/edx/base.in, social-auth-app-django
+git+https://github.com/python-social-auth/social-core.git@9d93069564a60495e0ebd697b33e16fcff14195b#egg=social-auth-core==3.4.0  # via -r requirements/edx/github.in, social-auth-app-django
 sorl-thumbnail==12.6.3    # via -r requirements/edx/base.in, django-wiki
 sortedcontainers==2.2.2   # via -r requirements/edx/base.in, pdfminer.six
 soupsieve==2.0.1          # via beautifulsoup4

diff --git a/requirements/edx/development.txt b/requirements/edx/development.txt
@@ -281,7 +281,7 @@ slumber==0.7.1            # via -r requirements/edx/testing.txt, edx-bulk-grades
 smmap==3.0.4              # via -r requirements/edx/testing.txt, gitdb
 snowballstemmer==2.0.0    # via sphinx
 social-auth-app-django==4.0.0  # via -r requirements/edx/testing.txt
-social-auth-core==3.3.3   # via -r requirements/edx/testing.txt, social-auth-app-django
+git+https://github.com/python-social-auth/social-core.git@9d93069564a60495e0ebd697b33e16fcff14195b#egg=social-auth-core==3.4.0  # via -r requirements/edx/testing.txt, social-auth-app-django
 sorl-thumbnail==12.6.3    # via -r requirements/edx/testing.txt, django-wiki
 sortedcontainers==2.2.2   # via -r requirements/edx/testing.txt, pdfminer.six
 soupsieve==2.0.1          # via -r requirements/edx/testing.txt, beautifulsoup4

diff --git a/requirements/edx/github.in b/requirements/edx/github.in
@@ -62,6 +62,11 @@ git+https://github.com/edx/MongoDBProxy.git@d92bafe9888d2940f647a7b2b2383b29c752
 # back into the upstream code.
 git+https://github.com/edx/django-ratelimit-backend.git@v2.0.1a5#egg=django-ratelimit-backend==2.0.1a5
 
+# This is tagged as 3.4.0 in the repo, but it was never released to PyPI due to
+# a broken test: https://github.com/python-social-auth/social-core/issues/485
+# Remove once package is released.
+git+https://github.com/python-social-auth/social-core.git@9d93069564a60495e0ebd697b33e16fcff14195b#egg=social-auth-core==3.4.0
+
 # Our libraries:
 -e git+https://github.com/edx/codejail.git@ffec49bb09785fb688afc5d24714d4e43ae8449f#egg=codejail==3.0.1
 -e git+https://github.com/edx/acid-block.git@758855a67d2f12bd74db4d5e7a0862d6e65f079c#egg=acid-xblock

diff --git a/requirements/edx/testing.txt b/requirements/edx/testing.txt
@@ -269,7 +269,7 @@ six==1.15.0               # via -r requirements/edx/base.txt, -r requirements/ed
 slumber==0.7.1            # via -r requirements/edx/base.txt, edx-bulk-grades, edx-enterprise, edx-rest-api-client
 smmap==3.0.4              # via gitdb
 social-auth-app-django==4.0.0  # via -r requirements/edx/base.txt
-social-auth-core==3.3.3   # via -r requirements/edx/base.txt, social-auth-app-django
+git+https://github.com/python-social-auth/social-core.git@9d93069564a60495e0ebd697b33e16fcff14195b#egg=social-auth-core==3.4.0  # via -r requirements/edx/base.txt, social-auth-app-django
 sorl-thumbnail==12.6.3    # via -r requirements/edx/base.txt, django-wiki
 sortedcontainers==2.2.2   # via -r requirements/edx/base.txt, pdfminer.six
 soupsieve==2.0.1          # via -r requirements/edx/base.txt, beautifulsoup4