-
Notifications
You must be signed in to change notification settings - Fork 119
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aws-auth-cognito unusable - is pulling in an old alpha version of okhttp #2809
Comments
Hi @kroegerama , Thanks for reporting the issue, our team will take a look and post updates here. |
Hi @kroegerama , Unfortunately, Amplify Android has dependency with |
Thanks a lot for your follow-up @yuhengshs. I look forward to hearing if your colleagues decide to fix this. |
@yuhengshs Any update for this issue. I am also facing the conflict issue with stripe , You should use okhttp3 stable latest version |
@mehulrewardle Unfortunately, we have a hard dependency on the AWS Kotlin SDK, which is using the v5-alpha. We cannot change the OkHttp version on our end unless the AWS Kotlin SDK makes changes first. For our knowledge, does the Stripe SDK crash if OkHttp is allowed to resolve to the v5-alpha version? |
Hi @yuhengshs and @tylerjroach, is there any update on this? Could you try to find a solution for this issue? |
Hello @JGerdes, I am a developer of the AWS SDK for Kotlin. We have no intentions to downgrade our version of OkHttp. Square claims that OkHttp 5.0.0-alpha.X is production stable, so we recommend you upgrade to resolve the issue:
Note: The AWS SDK for Kotlin does not use any new APIs from 5.0.0-alpha.X, only pre-existing APIs which are considered stable and supported for production use. If you are not willing to upgrade your OkHttp version to alpha, then you will need to explore alternate solutions such as dependency shading. Here is a GitHub issue where we've discussed this option in the past. It may be useful if you decide to go this route: awslabs/aws-sdk-kotlin#765 (comment) |
We are trying to use the latest Stripe SDK, https://github.com/stripe/stripe-terminal-android/releases which has a dependancy of stable OKHttp lib. We need to use the new version to fix a Stripe bug but are now blocked from upgrading due to the dependancy of the alpha version of the OkHttp lib that aws-auth-cognito is using. In regard to:
|
@jasinmelb Unfortunately there isn't much we can do from our side right now due to our dependency on AWS Kotlin SDK. Have you tried to look at alternate solutions like what was mentioned above: awslabs/aws-sdk-kotlin#765 (comment) |
I'm happy to share that we've implemented a workaround to this problem. The latest release of smithy-kotlin (v1.3.9) contains an OkHttp4Engine which depends on OkHttp 4.x instead of 5.0.0-alpha.X. Take a look at the module's README, give it a try, and let us know if you have any problems! |
That's awesome! Thanks for the update @lauzadis! For those affected, please try that solution and let us know how it goes for you. |
Hm actually looking a little further into the solution, it looks like there's additional work for Amplify to support this. Let me discuss this with the team. |
@vincetran Can you share the outcome of the discussion with the team or whether there already is a rough timeline when to expect a release adding support for the OkHttp4Engine option? |
Hi all, sorry for the late reply. While we do agree that this is something we want to support, we're running a bit stretched right now. We cannot commit to any specific timeline for adding this but we will absolutely keep this issue up-to-date when we have a better idea. |
@vincetran any update on this? |
Hi @JGerdes, we don't have any update right now. This is a high-priority improvement so we intend to work on it as soon as there is capacity available. |
Before opening, please confirm:
Language and Async Model
Kotlin - Coroutines
Amplify Categories
Authentication
Gradle script dependencies
Describe the bug
All recent versions of
com.amplifyframework:aws-auth-cognito
pull in an alpha version ofokhttp
:com.squareup.okhttp3:okhttp:5.0.0-alpha.11
via transitive dependencies.This is conflicting with our existing dependencies of okhttp
4.12.0
, which is the latest stable release of okhttp.I don't really get, why anyone considered it a good idea to use an alpha version as a dependency. There are even companies that forbid using alpha dependencies in production.
Seems, like the culprit is the aws dependency
aws.smithy.kotlin:http-client-engine-okhttp-jvm:1.0.11
, which had this bad dependency literally forever. I went to mvnrepository and even version0.11.0
of this smithy client uses an alpha version. Going forward, the most recent version1.2.2
also has an alpha dependency.There was a ticket regarding this, but it was abandoned and closed without a fix. #2632
Is there a plan, when this will be fixed? I have no idea how to integrate cognito without messing up our production releases.
The text was updated successfully, but these errors were encountered: