made cryptography into required dependency

Author: daniel-sanche

setup.py

@@ -19,27 +19,30 @@
 from setuptools import setup
 
 
-DEPENDENCIES = ("pyasn1-modules>=0.2.1",)
+DEPENDENCIES = (
+    "pyasn1-modules>=0.2.1",
+    "cryptography >= 38.0.3",
+    # TODO: remove rsa from dependencies in next release (replaced with cryptography)
+    "rsa>=3.1.4,<5",
+)
 
-cryptography_base_require = [
+# Note: cryptography was made into a required dependency. Extra is kept for backwards compatibility
+cryptography_extra_require = [
     "cryptography >= 38.0.3",
 ]
 
-# TODO: rsa is archived. Remove optional dependency in future release
-rsa_extra_require = ["rsa>=3.1.4,<5"]
-
 requests_extra_require = ["requests >= 2.20.0, < 3.0.0"]
 
 aiohttp_extra_require = ["aiohttp >= 3.6.2, < 4.0.0", *requests_extra_require]
 
-pyjwt_extra_require = ["pyjwt>=2.0", *cryptography_base_require]
+pyjwt_extra_require = ["pyjwt>=2.0"]
 
 reauth_extra_require = ["pyu2f>=0.1.5"]
 
 # TODO(https://github.com/googleapis/google-auth-library-python/issues/1738): Add bounds for cryptography and pyopenssl dependencies.
 enterprise_cert_extra_require = ["cryptography", "pyopenssl"]
 
-pyopenssl_extra_require = ["pyopenssl>=20.0.0", cryptography_base_require]
+pyopenssl_extra_require = ["pyopenssl>=20.0.0"]
 
 # TODO(https://github.com/googleapis/google-auth-library-python/issues/1739): Add bounds for urllib3 and packaging dependencies.
 urllib3_extra_require = ["urllib3", "packaging"]
@@ -71,12 +74,10 @@
     # TODO(https://github.com/googleapis/google-auth-library-python/issues/1722): `test_aiohttp_requests` depend on
     # aiohttp < 3.10.0 which is a bug. Investigate and remove the pinned aiohttp version.
     "aiohttp < 3.10.0",
-    *rsa_extra_require,
 ]
 
 extras = {
-    "cryptography": cryptography_base_require,
-    "rsa": rsa_extra_require,
+    "cryptography": cryptography_extra_require,
     "aiohttp": aiohttp_extra_require,
     "enterprise_cert": enterprise_cert_extra_require,
     "pyopenssl": pyopenssl_extra_require,