Pulling in /edx/src repositories throws error with python package dependencies for the LMS

Development
1

I’m writing a custom backend for python-social-auth for BigCommerce and noticed that when including the bigcommerce · PyPI client package within this source it generates the following PyJWT error.

root@lms:/edx/app/edxapp/edx-platform# pip install -e /edx/src/social_auth_backends/bigcommerce_api_testing/         social-core/
social-auth-backend-bigcommerce/ 
root@lms:/edx/app/edxapp/edx-platform# pip install -e /edx/src/social_auth_backends/social-auth-backend-bigcommerce/
Obtaining file:///edx/src/social_auth_backends/social-auth-backend-bigcommerce
Collecting bigcommerce
  Using cached bigcommerce-0.22.2.tar.gz (21 kB)
Requirement already satisfied: social-auth-core in /edx/app/edxapp/venvs/edxapp/lib/python3.5/site-packages (from social-auth-backend-bigcommerce==0.1.0) (3.3.3)
Collecting requests>=2.25.1
  Using cached requests-2.25.1-py2.py3-none-any.whl (61 kB)
ERROR: Could not find a version that satisfies the requirement pyjwt>=2.0.1 (from bigcommerce->social-auth-backend-bigcommerce==0.1.0) (from versions: 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.2.0, 0.2.1, 0.2.3, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 1.0.0, 1.0.1, 1.1.0, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.1, 1.6.3, 1.6.4, 1.7.0, 1.7.1, 2.0.0a1)
ERROR: No matching distribution found for pyjwt>=2.0.1 (from bigcommerce->social-auth-backend-bigcommerce==0.1.0)
WARNING: You are using pip version 20.0.2; however, version 20.3.4 is available.
You should consider upgrading via the '/edx/app/edxapp/venvs/edxapp/bin/python3.5 -m pip install --upgrade pip' command.

My LMS is running version

PyJWT                           1.5.2

And the bigcommerce-api-python package that I’m trying to use within the social-auth-backend-bigcommerce is referencing pyjwt==2.1.0 bigcommerce-api-python/requirements.txt at bigcommerce-0.22.2 · bigcommerce/bigcommerce-api-python · GitHub

Is there a way to keep the version of PyJWT separate from the social auth backend and the LMS? I’m thinking virtualenv but not sure what to do here. I guess I could update the requirements on the social-auth-backend-bigcommerce to match the LMS but that might change how things are done internally to that package.

cc: @braden @arbrandes

2

I have since then moved the bigcommerce-api-python to the /edx/src directory and trying to get that installed first throws the same error.

root@lms:/edx/app/edxapp/edx-platform# pip install -e /edx/src/bigcommerce-api-python/
Obtaining file:///edx/src/bigcommerce-api-python
Collecting requests>=2.25.1
  Using cached requests-2.25.1-py2.py3-none-any.whl (61 kB)
ERROR: Could not find a version that satisfies the requirement pyjwt>=2.0.1 (from bigcommerce==0.22.2) (from versions: 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.2.0, 0.2.1, 0.2.3, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 1.0.0, 1.0.1, 1.1.0, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.1, 1.6.3, 1.6.4, 1.7.0, 1.7.1, 2.0.0a1)
ERROR: No matching distribution found for pyjwt>=2.0.1 (from bigcommerce==0.22.2)
WARNING: You are using pip version 20.0.2; however, version 20.3.4 is available.
You should consider upgrading via the '/edx/app/edxapp/venvs/edxapp/bin/python3.5 -m pip install --upgrade pip' command.

The setup.py file indicates that pyjwt>=2.0.1 needs to be installed. How do I get this to work if my LMS wants version pyjwt=1.5.2?

3

What version of edx-platform are you using at the moment?

edx-platform had PyJWT pinned until an older version for quite a while, and only last month did we manage to work through all of the dependencies and unpin it.

4

@Tim_McCormack In production we have Hawthorn still unfortunately so I’m having to deal with pyjwt==1.5.2. Is there a way to keep this /edx/src/ package at a different version than the platform?

5

I am by no means an expert on this, but I’m not sure there’s a good way to do what you want. PyJWT 2 introduced a number of breaking changes (some very important, such as forcing you to explicitly select an algorithm) and that required changes in a number of libraries that edx-platform uses.

I think the fastest solution would be to fork the bigcommerce package and downgrade it to compatibility with an earlier pyjwt version, then use that. That might not be the best solution, though, since it just adds technical debt (and maintenance burden) you’ll have to work on later.

6

Appreciate the feedback @Tim_McCormack. Another developer on our team is working with Koa and she said that was not an issue with that release because she has version > 2. I have already downgraded to same 1.5.2 to match Hawthorn version and will test for that package in /edx/src to see if we can get by for now. We plan on upgrading our release soon so hopefully we won’t have to keep that fork around moving forward.

Change in PyJWT by you.

7

Glad to hear it!

FYI, PyJWT later had to be pinned again (at a higher version), and only about 20 days ago was edx-platform finally bumped to PyJWT 2.x.

1 Like