From d448d337048980308f475bc200eb09e896c7e623 Mon Sep 17 00:00:00 2001 From: IdmFoundInHim Date: Sun, 30 Aug 2020 12:02:18 -0400 Subject: [PATCH] Add Warning to SpotifyImplicitGrant.__init__ (#568) * Clean up namespace in SpotifyPKCE._get_auth_response_interactive * Add Warning to SpotifyImplicitGrant.__init__ * Update changelog with addition of warning --- CHANGELOG.md | 2 ++ spotipy/oauth2.py | 12 +++++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b4540d3..7d9af39 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - `SpotifyPKCE.parse_auth_response_url`, mirroring that method in `SpotifyOAuth` +- `SpotifyImplicitGrant` warns of security considerations and recommends + `SpotifyPKCE` ### Fixed diff --git a/spotipy/oauth2.py b/spotipy/oauth2.py index f3fc7b1..f9b425d 100644 --- a/spotipy/oauth2.py +++ b/spotipy/oauth2.py @@ -385,7 +385,7 @@ class SpotifyOAuth(SpotifyAuthBase): "Go to the following URL: {}\n" "Enter the URL you were redirected to: ".format(url) ) - response = SpotifyOAuth._get_user_input(prompt) + response = self._get_user_input(prompt) state, code = SpotifyOAuth.parse_auth_response_url(response) if self.state is not None and self.state != state: raise SpotifyStateError(self.state, state) @@ -924,7 +924,7 @@ class SpotifyImplicitGrant(SpotifyAuthBase): a client secret, redirect uri, and username. The user will need to copy and paste a URI from the browser every hour. - Security Advisory + Security Warning ----------------- The OAuth standard no longer recommends the Implicit Grant Flow for client-side code. Spotify has implemented the OAuth-suggested PKCE 
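Review bot: The new `response = self._get_user_input(prompt)` fixes dispatch for subclasses, but the line right after it still goes through the class, `state, code = SpotifyOAuth.parse_auth_response_url(response)`, so a subclass that overrides the parser is bypassed exactly the way the old line bypassed `_get_user_input`; `state, code = self.parse_auth_response_url(response)` keeps both calls consistent. The hunk header names `SpotifyOAuth` while the commit message says the cleanup is in `SpotifyPKCE._get_auth_response_interactive`, so it is worth confirming which class this hunk actually lives in before merging. Separately, and pre-existing in the context lines, the state comparison is only performed when `self.state is not None`, so callers who rely on the state check for CSRF protection must supply a state; a one-line comment such as `# state is only verified when the caller supplied one` would make that explicit. The enclosing method starts before the hunk.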
@@ -962,7 +962,7 @@ class SpotifyImplicitGrant(SpotifyAuthBase): show_dialog=False): """ Creates Auth Manager using the Implicit Grant flow - **See help(SpotifyImplictGrant) for Security Advisory** + **See help(SpotifyImplictGrant) for full Security Warning** Parameters ---------- @@ -974,6 +974,12 @@ class SpotifyImplicitGrant(SpotifyAuthBase): * username: Must be supplied or set as environment variable * show_dialog: Interpreted as boolean """ + logger.warning("The OAuth standard no longer recommends the Implicit " + "Grant Flow for client-side code. Use the SpotifyPKCE " + "auth manager instead of SpotifyImplicitGrant. For " + "more details and a guide to switching, see " + "help(SpotifyImplictGrant).") + self.client_id = client_id self.redirect_uri = redirect_uri self.state = state
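Review bot: The reworded pointer keeps the misspelling `SpotifyImplictGrant` (second `i` missing), so a user who does what the docstring says and runs `help(SpotifyImplictGrant)` gets a `NameError` instead of the security warning it is meant to surface; the line should read `**See help(SpotifyImplicitGrant) for full Security Warning**`. Since this sentence exists to steer users away from the flow, it would help to say in one clause what the risk is rather than only where to read about it, but the detail belongs with the class-level warning, which is outside this hunk. `__init__` continues past the end of the hunk.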
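Review bot: The runtime warning text carries the same typo as the docstring, `help(SpotifyImplictGrant)`, and here it is user-facing every time the class is instantiated, so the last fragment should be `"help(SpotifyImplicitGrant).")`. As a point of style, a "do not use this API" message is conventionally raised through `warnings.warn(..., stacklevel=2)` rather than `logger.warning`, which attributes it to the caller's line and lets applications filter or escalate it with the standard warning filters; with `logger.warning` the message only reaches whatever logging the application configured, and is easy to miss when no handler is set up. The `logger` name is referenced but not defined in view, so I am assuming it is the module-level logger declared at the top of the file. `__init__` continues past the end of the hunk.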