Add Warning to SpotifyImplicitGrant.__init__ (#568)

* Clean up namespace in SpotifyPKCE._get_auth_response_interactive

* Add Warning to SpotifyImplicitGrant.__init__

* Update changelog with addition of warning
IdmFoundInHim 2020-08-30 12:02:18 -04:00 committed by GitHub
parent df99eab61c
commit d448d33704
2 changed files with 11 additions and 3 deletions


@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- `SpotifyPKCE.parse_auth_response_url`, mirroring that method in - `SpotifyPKCE.parse_auth_response_url`, mirroring that method in
`SpotifyOAuth` `SpotifyOAuth`
- `SpotifyImplicitGrant` warns of security considerations and recommends
`SpotifyPKCE`
### Fixed ### Fixed


@ -385,7 +385,7 @@ class SpotifyOAuth(SpotifyAuthBase):
"Go to the following URL: {}\n" "Go to the following URL: {}\n"
"Enter the URL you were redirected to: ".format(url) "Enter the URL you were redirected to: ".format(url)
) )
response = SpotifyOAuth._get_user_input(prompt) response = self._get_user_input(prompt)
state, code = SpotifyOAuth.parse_auth_response_url(response) state, code = SpotifyOAuth.parse_auth_response_url(response)
if self.state is not None and self.state != state: if self.state is not None and self.state != state:
raise SpotifyStateError(self.state, state) raise SpotifyStateError(self.state, state)
@ -924,7 +924,7 @@ class SpotifyImplicitGrant(SpotifyAuthBase):
a client secret, redirect uri, and username. The user will need to a client secret, redirect uri, and username. The user will need to
copy and paste a URI from the browser every hour. copy and paste a URI from the browser every hour.
Security Advisory Security Warning
----------------- -----------------
The OAuth standard no longer recommends the Implicit Grant Flow for The OAuth standard no longer recommends the Implicit Grant Flow for
client-side code. Spotify has implemented the OAuth-suggested PKCE client-side code. Spotify has implemented the OAuth-suggested PKCE
@ -962,7 +962,7 @@ class SpotifyImplicitGrant(SpotifyAuthBase):
show_dialog=False): show_dialog=False):
""" Creates Auth Manager using the Implicit Grant flow """ Creates Auth Manager using the Implicit Grant flow
**See help(SpotifyImplictGrant) for Security Advisory** **See help(SpotifyImplictGrant) for full Security Warning**
Parameters Parameters
---------- ----------
@ -974,6 +974,12 @@ class SpotifyImplicitGrant(SpotifyAuthBase):
* username: Must be supplied or set as environment variable * username: Must be supplied or set as environment variable
* show_dialog: Interpreted as boolean * show_dialog: Interpreted as boolean
""" """
logger.warning("The OAuth standard no longer recommends the Implicit "
"Grant Flow for client-side code. Use the SpotifyPKCE "
"auth manager instead of SpotifyImplicitGrant. For "
"more details and a guide to switching, see "
"help(SpotifyImplictGrant).")
self.client_id = client_id self.client_id = client_id
self.redirect_uri = redirect_uri self.redirect_uri = redirect_uri
self.state = state self.state = state
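Review bot: The last line of the added warning text points users to `help(SpotifyImplictGrant)`, which is not the class's name — anyone who follows the advice gets a NameError instead of the security guidance — and the same misspelling survives on the new side of the docstring in the 962 hunk. Change the final fragment to `"help(SpotifyImplicitGrant).")` and the docstring line to `**See help(SpotifyImplicitGrant) for full Security Warning**`. Since the point of the warning is to steer callers away from a flow that exposes the access token in a browser-visible URL fragment, the reference it gives should resolve; a short comment above the call such as `# Warn at construction so the advisory is seen once per auth manager, not per request` would also document why it lives in __init__. The __init__ body starts in the 962 hunk and continues past the end of this one.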