Cory Benfield writes: > I think the core question you need to answer for this proposal is: > why is “pip install oic” not easy-enough reach?
My first guess would be "some enterprises use OAuth internally for the same reason they have draconian approval policies". More straightforwardly, this is the kind of battery that enterprises which make it hard to use pip seem likely to value. Nick's response is formally correct, but if requests is so important, it's likely to already be on the approved list. I would assume that pyoic also implements the client side, so it is useful even if requests is absent. But I am not a draconian security policy QA/security reviewer. I'd take anything Paul Moore says pretty seriously, as he operates in such an environment. _______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/
