Context
While migrating Python dependency management from pip-compile to uv (public-engineering#543), a fresh dependency resolution picked up social-auth-core 5.0.2 (previously pinned at 4.9.1 via pip-compile's locked requirements/edx/base.txt).
Problem
With social-auth-core 5.x, common/djangoapps/third_party_auth's integration test suite fails consistently:
common/djangoapps/third_party_auth/tests/specs/test_azuread.py::AzureADOauth2IntegrationTest::test_full_pipeline_succeeds_for_linking_account
common/djangoapps/third_party_auth/tests/specs/test_azuread.py::AzureADOauth2IntegrationTest::test_full_pipeline_succeeds_for_signing_in_to_existing_active_account
common/djangoapps/third_party_auth/tests/specs/test_azuread.py::AzureADOauth2IntegrationTest::test_full_pipeline_succeeds_registering_new_account
(same three for test_google.py, test_linkedin.py, test_twitter.py)
All fail at the same assertion in common/djangoapps/third_party_auth/tests/specs/base.py:
def assert_logged_in_cookie_redirect(self, response):
    """Verify that the user was redirected in order to set the logged in cookie."""
    assert response.status_code == 302
    assert response["Location"] == pipeline.get_complete_url(self.provider.backend_name)  # fails here
The redirect's Location header no longer matches the expected complete-pipeline URL, suggesting social-auth-core 5.x changed some aspect of the OAuth pipeline's post-login redirect behavior (or URL/backend-name resolution) that this repo's pipeline code or tests assume.
Workaround
social-auth-core<5.0.0 has been added to [tool.edx_lint].uv_constraints in the root pyproject.toml to keep the currently-tested 4.x behavior while this repo is on uv. This mirrors the existing social-auth-app-django<=5.4.1 constraint already in this file, pinned for a related reason (avoiding an unplanned migration in the same dependency family).
Follow-up
Investigate what changed in social-auth-core 5.x's pipeline/redirect handling, update common/djangoapps/third_party_auth (and/or its tests) accordingly, then remove the social-auth-core<5.0.0 constraint.
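For the follow-up investigation, a helper that reports which part of the redirect differs from the expected complete-pipeline URL, rather than only that the strings are unequal. This is an added example, not code from this repo or from social-auth-core; `diff_redirect`, the `example-backend` name and the sample URLs are constructed for illustration and do not show what 5.x actually returns.

```python
from urllib.parse import urlsplit, parse_qs


def diff_redirect(actual, expected):
    """Return {component: (actual, expected)} for each URL part that differs."""
    a, e = urlsplit(actual), urlsplit(expected)
    diffs = {}

    # A relative Location and an absolute one can name the same resource but
    # still fail a string ==, so report that mismatch as its own finding.
    if bool(a.netloc) != bool(e.netloc):
        form = lambda parts: "absolute" if parts.netloc else "relative"
        diffs["form"] = (form(a), form(e))

    # Compare scheme and host only when both URLs carry them.
    for name in ("scheme", "netloc"):
        av, ev = getattr(a, name), getattr(e, name)
        if av and ev and av.lower() != ev.lower():
            diffs[name] = (av, ev)

    # Trailing slashes matter to Django's URL resolver, so compare paths exactly.
    if a.path != e.path:
        diffs["path"] = (a.path, e.path)

    # Compare query parameters by name so a reordering is not reported as a change.
    aq = parse_qs(a.query, keep_blank_values=True)
    eq = parse_qs(e.query, keep_blank_values=True)
    for key in sorted(set(aq) | set(eq)):
        if aq.get(key) != eq.get(key):
            diffs[f"query[{key}]"] = (aq.get(key), eq.get(key))

    if a.fragment != e.fragment:
        diffs["fragment"] = (a.fragment, e.fragment)
    return diffs


# Constructed sample value standing in for pipeline.get_complete_url(...).
EXPECTED = "/auth/complete/example-backend/"

if __name__ == "__main__":
    for location in (
        "/auth/complete/example-backend/?next=%2Fdashboard",  # constructed
        "http://testserver/auth/complete/example-backend/",   # constructed
        "/dashboard",                                         # constructed
    ):
        print(location, "->", diff_redirect(location, EXPECTED))
```

Calling it with `response["Location"]` and the expected URL in a failing test shows whether the change is in the path, the query string, or only in absolute versus relative form.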