New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release 4 #99
Comments
Removing default featuresCurrently it is very difficult to remove the reqwest and thus a dependency on openssl when using openidconnect. The reason for this is, that oauth-rs has reqwest as default feature and openidconnect carries that default feature with it without the possibility of disabling it. Personally I would like to see a concept which is more like tokio which does not add anything by default but allows the user to specify what he/she wants. Remove future-1 supportfuture-1 did not receive any update for 9 month now. Question is whether we want to continue supporting users who use it. Replace failure with concrete error typeAs described in #90 failure got deprecated. I'm however not comfortable with having a crate like failure, thiserror or anyhow in a library crate. Those crates are, in my opinion, made for easy error handling in end user crates/binaries. We, however, should have a look whether it is possible to create a concrete error type which is flexible enough to handling unknown error. |
@ramosbugs I would like to hear your feedback before starting to work on this (sorry for the noisy if you just did not have time to get it to it - just making sure that you know) |
I'm confused about this. Why doesn't disabling the default features on
I generally agree, but this crate isn't very useful out of the box without an HTTP client implementation, and the vast majority of users will probably want to use a simple, built-in HTTP client like the reqwest-based one this crate provides. As long as there's a straightforward way to disable the default, I think it's fine to continue building a client by default.
Sounds good. Let's remove both futures 0.1 and reqwest 0.9 (see #100 (comment)).
The concrete change to this crate's public API that #90 is proposing is to replace the errors returned by this library with types that implement the The |
Let me try to explain. If I add the following deps:
It will be "expanded" to the following due to default-features
If I now switch to reqwest 10 we get the following:
reqwest-09 is still in there as it is in the default features. Now lets disable default features:
While it does remove the reqwest9 from openidconnect it does not remove it from oauth2. Because it still has it activated in its default-features and one is unable to remove it. Feel free to create a small cargo project with the dependency lines as above. You will see a lock file similar to this:
So there are two ways to solve this. Switch oauth-rs to default-features = false in openidconnect-rs or disable all features by default. This is still relevant even if we remove reqwest9 because if someone wants to implement his/her own client, they probably want to be able to disable reqwest10 completly. |
ohh I see. yes, let's add |
@ramosbugs I would be ready for a release. So if you have the time - feel free. I will continue my destruction afterwards in openidconnect-rs 😉. |
Small correction for the release notes:
there is no more future-03 flag :D. It got removed and the future crate as well ;) |
oops thanks! updated :-) |
Just wondering - what's the expected timeline on this release? Is it blocked on #97? |
@maxdymond: I just went ahead and released https://crates.io/crates/oauth2/4.0.0-alpha.2 with the device code support. A 4.0 stable release isn't blocked on any particular issue, but it probably makes sense to let the new API bake a bit before committing to not having subsequent breaking changes for this release. |
|
I just cut 4.0.0-alpha.3 with the reqwest 0.11/tokio 1.0 change but with the |
@halvko sure thing. I will close it as 4.0 is released by now and @ramosbugs will decide when it will leave alpha 👍🏻 |
4.0 is not released, its in alpha. I dont think this should be closed |
On the topic of a release, is there a plan for when a final release will be made? |
I just released https://crates.io/crates/oauth2/4.0.0-beta.1, which should preclude further breaking changes. This bump did include a couple of small breaking changes, though. I'll plan to let this version soak for about a month before cutting 4.0.0. |
Hi @ramosbugs. How's the release planning thinking going? I ask because we're nearing release of our product that uses these (oauth2 and openidconnect) beta versions and it would be great if we could switch to final versions for our release. Mainly just a "looks better" thing though as of course the functionality works fine as it is now. |
hey @ximon18, I'm planning to cut 4.0.0 in another week or so. I can't do any dev work for the next few days until my laptop gets back from being repaired. |
Thanks @ramosbugs. Good luck with the laptop! |
4.0.0 is now released! Thanks to everyone who contributed! |
This is the tracking Issue for Release 4
ToDo
rust-crypto
default-features = false
in openidconnet-rsThe text was updated successfully, but these errors were encountered: