In #185 , google-auth now uses Python's cryptography library if it's available.

The cryptography library is faster and better-maintained than python-rsa.

Recently the rsa library had a security bug, and it took a long time to ship an update sybrenstuvel/python-rsa#165 . This impacted google-auth users, see #646

Would you please update the google-auth packaging metadata to stop installing rsa and start installing cryptography instead?