[PR #509] [MERGED] Check the state #920

Closed
opened 2026-02-28 00:02:37 +03:00 by kerem · 0 comments

📋 Pull Request Information

Original PR: https://github.com/spotipy-dev/spotipy/pull/509
Author: @foobuzz
Created: 6/6/2020
Status: Merged
Merged: 6/20/2020
Merged by: @stephanebruckert

Base: master ← Head: verify-state


📝 Commits (3)

  • 550be31 - Verify that the state received alongside the authorization code is consistent with the one sent
  • 3af70ff Resurrect public methods parse_response_code and get_authorization_code
  • 559e8e8 Use new method parse_oatuh_response_url for parse_response_code implementation.

📊 Changes

3 files changed (+75 additions, -20 deletions)


📝 spotipy/oauth2.py (+32 -19)
📝 spotipy/util.py (+2 -0)
📝 tests/unit/test_oauth.py (+41 -1)

📄 Description

Hello,

The SpotifyOAuth class accepts an optional state parameter to be added to the authorization URL. However, this parameter wasn't checked when echoed back upon the redirection from Spotify, which pretty much made its usage useless. This PR simply adds the necessary check when state is used. I also refactored the extraction of the authentication code from the URL so that it's the same between the interactive way and the local server way.

  • Verify that the state received alongside the authorization code is consistent with the one that was sent
  • Refactor URL parsing for the local server way and the interactive way
  • Add tests for interactive way
  • Allow state to be given to util.prompt_for_user_token

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
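
The kind of check the description refers to, as an added example (this is not spotipy's code and is not taken from this PR): the client generates an unguessable `state`, sends it in the authorization URL, and accepts the authorization code from the redirect only if the same value comes back. All names here (`new_state`, `build_authorize_url`, `extract_code`, the exception classes) are hypothetical, and unlike the PR, which checks only when `state` is used, this sketch always requires it.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


class StateMismatch(Exception):
    """The redirect's state is missing or differs from the one sent."""


class AuthorizationDenied(Exception):
    """The redirect carries an error, or no authorization code."""


def new_state():
    # Unguessable per-request value; keep it with the user's session.
    return secrets.token_urlsafe(32)


def build_authorize_url(endpoint, client_id, redirect_uri, state):
    # endpoint, client_id and redirect_uri are caller-supplied (assumed) values.
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri, "state": state})
    return f"{endpoint}?{query}"


def extract_code(redirect_url, expected_state):
    """Return the authorization code only if the echoed state matches."""
    if not expected_state:
        raise ValueError("expected_state must be a non-empty string")
    params = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)
    # A repeated parameter is ambiguous; refuse rather than pick one.
    for name in ("state", "code", "error"):
        if len(params.get(name, [])) > 1:
            raise ValueError(f"duplicate {name!r} parameter in redirect")
    received = params.get("state", [""])[0]
    # Check state first so nothing from an unsolicited redirect is acted on.
    # compare_digest compares in constant time.
    if not hmac.compare_digest(received.encode(), expected_state.encode()):
        raise StateMismatch("state in redirect does not match the one sent")
    if "error" in params:
        raise AuthorizationDenied(params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise AuthorizationDenied("redirect carries no authorization code")
    return code
```
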
