From 668158f0558d486082c0dc672a6ac39ba05ced6a Mon Sep 17 00:00:00 2001
From: Szymon Andrzejewski <szyandr06@gmail.com>
Date: Wed, 19 Feb 2025 07:31:42 +0100
Subject: [PATCH] Fixed Spotify's deprecation of http and localhost (#1187)

* spotify's deprecation of http and localhost

* updated instead of changed

* pep8

* fixing thing that i broke
---
 CHANGELOG.md      |  1 +
 CONTRIBUTING.md   |  4 ++--
 TUTORIAL.md       |  2 +-
 docs/index.rst    |  6 +++---
 spotipy/oauth2.py | 24 +++++++++++++++++++++++-
 5 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d8c99d0..8f2230f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,7 @@ Add your changes below.
 
 - Updated get_cached_token and save_token_to_cache methods to utilize Python's Context Management Protocol
 - Added except clause to get_cached_token method to handle json decode errors
+- Added warnings and updated docs due to Spotify's deprecation of HTTP and "localhost" redirect URIs
 
 ### Removed
 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index d7f8a4a..63f38b6 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -9,13 +9,13 @@ If you would like to contribute to spotipy follow these steps:
 export SPOTIPY_CLIENT_ID=client_id_here
 export SPOTIPY_CLIENT_SECRET=client_secret_here
 export SPOTIPY_CLIENT_USERNAME=client_username_here # This is actually an id not spotify display name and can be found [here](https://www.spotify.com/us/account/overview/)
-export SPOTIPY_REDIRECT_URI=http://localhost:8080 # Make url is set in app you created to get your ID and SECRET
+export SPOTIPY_REDIRECT_URI=http://127.0.0.1:8080 # Make url is set in app you created to get your ID and SECRET
 
 # Windows
 $env:SPOTIPY_CLIENT_ID="client_id_here"
 $env:SPOTIPY_CLIENT_SECRET="client_secret_here"
 $env:SPOTIPY_CLIENT_USERNAME="client_username_here" 
-$env:SPOTIPY_REDIRECT_URI="http://localhost:8080" 
+$env:SPOTIPY_REDIRECT_URI="http://127.0.0.1:8080" 
 ```
 
 ### Branch Overview
diff --git a/TUTORIAL.md b/TUTORIAL.md
index b3dd15d..b063fd4 100644
--- a/TUTORIAL.md
+++ b/TUTORIAL.md
@@ -27,7 +27,7 @@ Spotipy relies on the Spotify API. In order to use the Spotify API, you'll need
 
 A. Visit the [Spotify developer portal](https://developer.spotify.com/dashboard/). If you already have a Spotify account, click "Log in" and enter your username and password. Otherwise, click "Sign up" and follow the steps to create an account. After you've signed in or signed up, begin by clicking on your profile name at the top right of your screen and then click “Dashboard” to go to Spotify’s Developer Dashboard.
 
-B. Check the box "Accept the Spotify Developer Terms of Service" and then click "Accept the terms". On the next page, verify your email address if you haven't already. Click the "Create an App" button. Enter any name and description you'd like for your new app. Next, add "http://localhost:1234" (or any other port number of your choosing) to the "Redirect URI" secction. Check the box "I understand and agree with Spotify's Developer Terms of Service and Design Guidelines" and then click the "Save" button.
+B. Check the box "Accept the Spotify Developer Terms of Service" and then click "Accept the terms". On the next page, verify your email address if you haven't already. Click the "Create an App" button. Enter any name and description you'd like for your new app. Next, add "http://127.0.0.1:1234" (or any other port number of your choosing) to the "Redirect URI" secction. Check the box "I understand and agree with Spotify's Developer Terms of Service and Design Guidelines" and then click the "Save" button.
 
 C. Click on "Settings". Underneath "Client ID", you'll see a "View Client Secret" link. Click the link to reveal your Client secret and copy both your Client secret and your Client ID somewhere so that you can access them later.
 
diff --git a/docs/index.rst b/docs/index.rst
index c205488..3a49551 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -110,9 +110,9 @@ to your application at
 The ``redirect_uri`` argument or ``SPOTIPY_REDIRECT_URI`` environment variable
 must match the redirect URI added to your application in your Dashboard.
 The redirect URI can be any valid URI (it does not need to be accessible)
-such as ``http://example.com``, ``http://localhost`` or ``http://127.0.0.1:9090``.
+such as ``http://example.com`` or ``http://127.0.0.1:9090``.
 
-    .. note:: If you choose an `http`-scheme URL, and it's for `localhost` or
+    .. note:: If you choose an `http`-scheme URL, and it's for
      `127.0.0.1`, **AND** it specifies a port, then spotipy will instantiate
       a server on the indicated response to receive the access token from the
       response at the end of the oauth flow [see the code](https://github.com/plamere/spotipy/blob/master/spotipy/oauth2.py#L483-L490).
@@ -309,7 +309,7 @@ Export the needed Environment variables:::
     export SPOTIPY_CLIENT_ID=client_id_here
     export SPOTIPY_CLIENT_SECRET=client_secret_here
     export SPOTIPY_CLIENT_USERNAME=client_username_here # This is actually an id not spotify display name
-    export SPOTIPY_REDIRECT_URI=http://localhost:8080 # Make url is set in app you created to get your ID and SECRET
+    export SPOTIPY_REDIRECT_URI=http://127.0.0.1:8080 # Make url is set in app you created to get your ID and SECRET
 
 Create virtual environment, install dependencies, run tests:::
     $ virtualenv --python=python3.12 env
diff --git a/spotipy/oauth2.py b/spotipy/oauth2.py
index 7c26f95..e949f84 100644
--- a/spotipy/oauth2.py
+++ b/spotipy/oauth2.py
@@ -443,6 +443,17 @@ class SpotifyOAuth(SpotifyAuthBase):
         redirect_info = urlparse(self.redirect_uri)
         redirect_host, redirect_port = get_host_port(redirect_info.netloc)
 
+        if redirect_host == 'localhost':
+            logger.warning(
+                "Using 'localhost' as a redirect URI is being deprecated. "
+                "Use a loopback IP address such as 127.0.0.1 "
+                "to ensure your app remains functional.")
+
+        if redirect_info.scheme == "http" and redirect_host not in ("127.0.0.1", "localhost"):
+            logger.warning(
+                "Redirect URIs using HTTP are being deprecated. "
+                "To ensure your app remains functional, use HTTPS instead.")
+
         if open_browser is None:
             open_browser = self.open_browser
 
@@ -743,6 +754,17 @@ class SpotifyPKCE(SpotifyAuthBase):
         if open_browser is None:
             open_browser = self.open_browser
 
+        if redirect_host == 'localhost':
+            logger.warning(
+                "Using 'localhost' as a redirect URI is being deprecated. "
+                "Use a loopback IP address such as 127.0.0.1 "
+                "to ensure your app remains functional.")
+
+        if redirect_info.scheme == "http" and redirect_host not in ("127.0.0.1", "localhost"):
+            logger.warning(
+                "Redirect URIs using HTTP are being deprecated. "
+                "To ensure your app remains functional, use HTTPS instead.")
+
         if (
                 open_browser
                 and redirect_host in ("127.0.0.1", "localhost")
@@ -1009,7 +1031,7 @@ class SpotifyImplicitGrant(SpotifyAuthBase):
                     (will set `cache_path` to `.cache-{username}`)
         * show_dialog: Interpreted as boolean
         """
-        logger.warning("The OAuth standard no longer recommends the Implicit "
+        logger.warning("Spotify is deprecating the Implicit "
                        "Grant Flow for client-side code. Use the SpotifyPKCE "
                        "auth manager instead of SpotifyImplicitGrant. For "
                        "more details and a guide to switching, see "