Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Plaid Client 9 uses retired Apache Oltu project, which is not supported #283

Open
stevenschlansker opened this issue Apr 20, 2021 · 9 comments

Comments

@stevenschlansker
Copy link

The new Plaid client brings in org.apache.oltu.oauth2:org.apache.oltu.oauth2.client:1.0.1.
This causes our build to fail, as there are duplicate classes in org.apache.oltu.oauth2:org.apache.oltu.oauth2.client:1.0.1 and org.apache.oltu.oauth2:org.apache.oltu.oauth2.common:1.0.1, which is a bug in the Oltu project.

While attempting to report this bug to them to get it fixed, I found that the project is retired and not maintained:

https://attic.apache.org/projects/oltu.html

Please do not depend on unsupported libraries. Consider removing this dependency before taking this library out of beta.

@phoenixy1
Copy link
Contributor

@stephenjayakar FYI -- do we have this on the to-do list for GA?

@phoenixy1
Copy link
Contributor

FWIW it looks like was fixed on the OpenAPI generator side in February, with version 5.0.1 -- I assume we will get the fix the next time we update the version of the OpenAPI generator we are using, although I don't know when we are currently scheduled to do that.

@phoenixy1
Copy link
Contributor

looking at our build script, I see we actually do now use openapi generator 5.1 for Java, which means this issue should now be resolved. @stevenschlansker, are you still seeing this with the latest libraries?

@phoenixy1
Copy link
Contributor

going to close this -- feel free to reopen / refile if it's not fixed

@stevenschlansker
Copy link
Author

stevenschlansker commented Aug 27, 2021

@phoenixy1 , I am not sure how the OpenAPI generator relates; I am simply looking at the declared dependencies of plaid-java and even at version 9.0.0 you can see that it still depends on an outdated version of the abandoned Oltu library: https://search.maven.org/artifact/com.plaid/plaid-java/9.0.0/jar

    <dependency>
      <groupId>org.apache.oltu.oauth2</groupId>
      <artifactId>org.apache.oltu.oauth2.client</artifactId>
      <version>${oltu-version}</version>
      <exclusions>
        <exclusion>
          <groupId>org.apache.oltu.oauth2</groupId>
          <artifactId>common</artifactId>
        </exclusion>
      </exclusions>
    </dependency>

So I do not think this issue is fixed.

@stevenschlansker
Copy link
Author

stevenschlansker commented Aug 27, 2021

It's even still present directly in the source code: https://github.com/plaid/plaid-java/blob/master/pom.xml#L220
I think this issue was closed quite prematurely and would recommend reopening.

@phoenixy1 phoenixy1 reopened this Aug 30, 2021
@phoenixy1
Copy link
Contributor

phoenixy1 commented Aug 30, 2021

@stevenschlansker this relates to openapi generator because I believe the dependency is being added by openapi generator (OpenAPITools/openapi-generator#8318). according to their release notes, openapi generator fixed this, and we have since upgraded to create the libraries using a version of the generator that has the fix, so I'm not quite sure why this is still happening -- possibly the dependency is just left over and we need to remove it? cc: @stephenjayakar to take a look.

@phoenixy1
Copy link
Contributor

@otherchen do you know why this is happening -- is it just left over / can we manually remove it?

@phoenixy1
Copy link
Contributor

phoenixy1 commented Oct 17, 2023

Hokay, I did a little bit of digging in response to #397 and it looks like the issue here is that we're using the retrofit2 library and this issue was never fixed in OpenAPI generator for retrofit2. I personally don't have enough context on Java to understand the consequences of switching to a different library, or which one we'd want to switch to if we did, but it does appear that that's probably what we'd have to do to fix this (well, that or fix the issue in OpenAPI generator, I guess). Relevant issue: OpenAPITools/openapi-generator#10661

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants