Add Warning to SpotifyImplicitGrant.__init__ (#568)

* Clean up namespace in SpotifyPKCE._get_auth_response_interactive * Add Warning to SpotifyImplicitGrant.__init__ * Update changelog with addition of warning
spotipy-dev · Aug 30, 2020 · d448d33 · d448d33
1 parent df99eab
commit d448d33
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - `SpotifyPKCE.parse_auth_response_url`, mirroring that method in
  `SpotifyOAuth`
+- `SpotifyImplicitGrant` warns of security considerations and recommends
+ `SpotifyPKCE`
 
 ### Fixed
 

diff --git a/spotipy/oauth2.py b/spotipy/oauth2.py
@@ -385,7 +385,7 @@ def _get_auth_response_interactive(self, open_browser=True):
                 "Go to the following URL: {}\n"
                 "Enter the URL you were redirected to: ".format(url)
             )
-        response = SpotifyOAuth._get_user_input(prompt)
+        response = self._get_user_input(prompt)
         state, code = SpotifyOAuth.parse_auth_response_url(response)
         if self.state is not None and self.state != state:
             raise SpotifyStateError(self.state, state)
@@ -924,7 +924,7 @@ class SpotifyImplicitGrant(SpotifyAuthBase):
     a client secret, redirect uri, and username. The user will need to
     copy and paste a URI from the browser every hour.
 
-    Security Advisory
+    Security Warning
     -----------------
     The OAuth standard no longer recommends the Implicit Grant Flow for
     client-side code. Spotify has implemented the OAuth-suggested PKCE
@@ -962,7 +962,7 @@ def __init__(self,
                  show_dialog=False):
         """ Creates Auth Manager using the Implicit Grant flow
 
-        **See help(SpotifyImplictGrant) for Security Advisory**
+        **See help(SpotifyImplictGrant) for full Security Warning**
 
         Parameters
         ----------
@@ -974,6 +974,12 @@ def __init__(self,
         * username: Must be supplied or set as environment variable
         * show_dialog: Interpreted as boolean
         """
+        logger.warning("The OAuth standard no longer recommends the Implicit "
+                       "Grant Flow for client-side code. Use the SpotifyPKCE "
+                       "auth manager instead of SpotifyImplicitGrant. For "
+                       "more details and a guide to switching, see "
+                       "help(SpotifyImplictGrant).")
+
         self.client_id = client_id
         self.redirect_uri = redirect_uri
         self.state = state