Merge pull request ozgur#65 from brandedme/master

Allow user to define custom state for each authorization url
littlebay · Feb 15, 2015 · 49eeb55 · 49eeb55
2 parents 837e692 + 797d168
commit 49eeb55
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -78,6 +78,10 @@ API_SECRET = 'daJDa6_8UcnGMw1yuq9TjoO_PMKukXMo8vEMo7Qv5J-G3SPgrAV0FqFCd0TNjQyG'
 RETURN_URL = 'http://localhost:8000'
 
 authentication = linkedin.LinkedInAuthentication(API_KEY, API_SECRET, RETURN_URL, linkedin.PERMISSIONS.enums.values())
+# Optionally one can send custom "state" value that will be returned from OAuth server
+# It can be used to track your user state or something else (it's up to you)
+# Be aware that this value is sent to OAuth server AS IS - make sure to encode or hash it
+#authorization.state = 'your_encoded_message'
 print authentication.authorization_url  # open this url on your browser
 application = linkedin.LinkedInApplication(authentication)
 ```

diff --git a/README.rst b/README.rst
@@ -38,6 +38,10 @@ LinkedIn redirects the user back to your website's URL after granting access (gi
     API_KEY = "wFNJekVpDCJtRPFX812pQsJee-gt0zO4X5XmG6wcfSOSlLocxodAXNMbl0_hw3Vl"
     API_SECRET = "daJDa6_8UcnGMw1yuq9TjoO_PMKukXMo8vEMo7Qv5J-G3SPgrAV0FqFCd0TNjQyG"
     RETURN_URL = "http://localhost:8000"
+    # Optionally one can send custom "state" value that will be returned from OAuth server
+    # It can be used to track your user state or something else (it's up to you)
+    # Be aware that this value is sent to OAuth server AS IS - make sure to encode or hash it
+    #authorization.state = 'your_encoded_message'
     authentication = linkedin.LinkedInAuthentication(API_KEY, API_SECRET, RETURN_URL, linkedin.PERMISSIONS.enums.values())
     print authentication.authorization_url
     application = linkedin.LinkedInApplication(authentication)

diff --git a/linkedin/linkedin.py b/linkedin/linkedin.py
@@ -86,11 +86,10 @@ def __init__(self, key, secret, redirect_uri, permissions=None):
 
     @property
     def authorization_url(self):
-        self.state = self._make_new_state()
         qd = {'response_type': 'code',
               'client_id': self.key,
               'scope': (' '.join(self.permissions)).strip(),
-              'state': self.state,
+              'state': self.state or self._make_new_state(),
               'redirect_uri': self.redirect_uri}
         # urlencode uses quote_plus when encoding the query string so,
         # we ought to be encoding the qs by on our own.