Allow for urllib3 < 2.x

[gmetzker]

Checklist

• I have looked into the Readme and Examples, and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

In version 4.6 it appears a pin was added to urllib3 in the following commit: 91863cc

This issue is, when using AWS lambda with python 3.9 urllib 2.x is not supported, infact the botocore library pin urllib3 < 1.27 for python < 3.10. See: https://github.com/boto/botocore/blob/develop/setup.py#L28

At the moment we cannot yet update to python 3.10+, so I'm getting conflicts with botocore when trying to use the latest auto0-python library.

Do you 100% need the urllib3 pin to 2.x? Or could you allow <1.27 for Python <= 3.9

Describe the ideal solution

Change the dependency pinning so urllib < 2.x can be used for python 3.9

Alternatives and current workarounds

At the moment I'm considering updating using auth0-python version 4.5.

Additional context

No response

[imnotjames]

Seconding this. Happy to open a PR making that requirement a bit less strict.

This is probably a dependabot thing? Seems it automatically bumps the version a bunch -- but that's just the poetry lock, right?

[gmetzker]

@evansims Any thoughts on this?

Amazon is not supporting urllib3<2 for Python < 3.10. See boto/botocore#3138 (comment)

Would you accept a PR putting python version specific constraints on urllib3?
Here is what botocore has in their setup.py:

requires = [
    # ...
    'urllib3>=1.25.4,<1.27 ; python_version < "3.10"',
    'urllib3>=1.25.4,<2.1 ; python_version >= "3.10"',
]