Secondary dependency with authlib

[cdce8p]

The Home Assistant integration uses PointSession.ensure_active_token which is inherited from AsyncOAuth2Client (authlib).
Unfortunately, authlib 1.0 changed the function signature which means that the existing code is silently incompatible. pypoint itself doesn't pin authlib.

I've added a constraint for authlib to HA in home-assistant/core#68176. However, ideally pypoint would manage the dependency itself. So that HA doesn't need that constraint anymore.

Either by pinning authlib<1.0 or authlib>1.0 and updating the function signature / creating a wrapper function.

[fredrike]

What is expected to change in pypoint?

[cdce8p]

What is expected to change in pypoint?

At the moment, authlib doesn't have any constraints. Thus pip could install either 1.0 or 0.15.5 depending on other requirements. The problem is that AsyncOAuth2Client.ensure_active_token changed in 1.0, so both alternatives are incompatible.

pypoint/setup.py

Line 23 in 0333ef5

"authlib",

From the looks of it, session.eunsure_active_token (in HA) is only used to do an initial auth check. Is it possible to do that with other methods? Any request method will call the method implicitly, from what I can tell. If it can be done, the incompatibility would be authlib internal and the point integration wouldn't depend on authlib.
https://github.com/lepture/authlib/blob/v1.0.0/authlib/integrations/httpx_client/oauth2_client.py#L82-L87

The alternative would be to pin authlib>=1.0,<2.0 here. Additionally, you could either create a wrapper in pypoint which implicitly passes the token or update the HA integration to pass it explicitly.