OAuth2Session ignores self.state when generation an authorization url

[FelixSchwarz]

OAuth2Session always calls self.new_state() in authorization_url even if the user specified a state in the constructor. I think that should be changed.

As a side note I think the state and state_generator arguments should be mutually exclusive to prevent errors on the user side.

[ib-lundgren]

I agree. A way both could be achieved would be to combine the state and state_generator arguments to one, state and document that it can be a callable or string, then check for TypeError. The overloaded use of self.state would need to change so to internally track the actually used state instead use self._state.

def new_state():
    try:
        self._state = self.state()
    except TypeError:
        self._state = state

@FelixSchwarz fancy making those changes and sending a PR? Don't worry if you don't have time, I can find some soonish.

[FelixSchwarz]

Am 18.06.2013 16:57, schrieb Ib Lundgren:

@FelixSchwarz https://github.com/FelixSchwarz fancy making those changes and
sending a PR? Don't worry if you don't have time, I can find some soonish.

Well currently I have approximately zero free time so I'd be glad if you could
fix it :-) Thank you very much for picking up the issue so quickly.

[ib-lundgren]

state is no longer ignored and can be either a string or a callable. It should no longer be ignored in new_state =)