Resolving issues anitabyte#22, anitabyte#15

sov2000 · sov2000 · commit 769b39f35e33 · 2024-12-10T23:29:47.000-05:00
diff --git a/README.md b/README.md
@@ -9,7 +9,7 @@ Python 3 client for the [Etsy Open API v3](https://developer.etsy.com/documentat
 
 The authorisation flow in v3 of Etsy's API is somewhat different to the flow used in v2. It is the [OAuth 2.0 Authorization Code Grant](https://www.rfc-editor.org/rfc/rfc6749#section-4.1) flow, [documented quite well by Etsy themselves](https://developer.etsy.com/documentation/essentials/authentication/). Make sure you've done the setup at `Requesting an OAuth Token`, in terms of getting your Etsy API keystring and callback URLs set up.
 
-In the `etsyv3.utils.util.auth` package, the `auth_helper.py` module contains a helper class (`AuthHelper`) for the authentication flow. Provided with the keystring, one of the redirect URLs that you've specific in your Etsy app setup, a list of scopes to be provided in this authentication (a list of strings at present, but likely to become a set of `enums` in future), a code verifier string (specified by you) and a state string (also specified by you), it will allow for some simplification of the process.
+In the `etsyv3.util.auth` package, the `auth_helper.py` module contains a helper class (`AuthHelper`) for the authentication flow. Provided with the keystring, one of the redirect URLs that you've specific in your Etsy app setup, a list of scopes to be provided in this authentication (a list of strings at present, but likely to become a set of `enums` in future), a code verifier string (specified by you) and a state string (also specified by you), it will allow for some simplification of the process.
 
 With your initialised `AuthHelper`, the flow looks something like this:
 
diff --git a/etsyv3/util/auth/auth_helper.py b/etsyv3/util/auth/auth_helper.py
@@ -3,6 +3,7 @@
 import secrets
 from typing import List, Optional, Tuple
 
+from etsy_api import BadRequest
 from requests_oauthlib import OAuth2Session  # type: ignore[import]
 
 
@@ -43,7 +44,8 @@ def set_authorisation_code(self, code: str, state: str) -> None:
         if state == self.state:
             self.auth_code = code
         else:
-            raise
+            # per etsy followed RFC 6749 bad state should raise invalid request, https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
+            raise BadRequest('{"error": "invalid_request", "error_description": "State mismatch"}')
 
     def get_access_token(self) -> Optional[str]:
         headers = {
