Patreon / patreon-python

Interact with the Patreon API via OAuth
Apache License 2.0
122 stars, 33 forks

Example Code doesn't use &state for CSRF? #10

Closed auxiliary-character closed 6 years ago

auxiliary-character commented 7 years ago

The documentation recommends using &state for CSRF in step 1, but the example code doesn't appear to use it. Is this a security problem?

phildini commented 6 years ago

Thanks for asking, sorry it took us so long to reply. Whether or not it's a bug, it's certainly unclear, and we'll adjust the examples in a future version to make it clearer.
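For readers wondering what "using `&state` for CSRF" looks like in practice, the following is an added example (not code from this repository or from the Patreon documentation) of the two halves of the check in a plain OAuth 2.0 authorization-code flow: the app generates an unguessable `state`, stores it in the user's session and sends it with the authorization request; when the provider redirects back, the app only accepts the callback if the returned `state` matches the stored one, and then discards it so it cannot be replayed. The endpoint URL, client id and redirect URI are constructed placeholders, and `session` is assumed to be any dict-like per-user store (a web framework's session object, for instance).

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholder values for the example; substitute the provider's real
# authorization endpoint and your own registered client id / redirect URI.
AUTHORIZE_URL = "https://example.com/oauth2/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/oauth/callback"


def build_authorize_url(session):
    """Step 1: mint a fresh random state, remember it in the user's session and
    embed it in the authorization URL the browser is sent to."""
    state = secrets.token_urlsafe(32)  # 256 bits of randomness, URL-safe alphabet
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def validate_callback(session, callback_url):
    """Step 2: when the provider redirects back, require that the state in the
    callback matches the one stored for this session. The stored value is removed
    on first use so a captured callback URL cannot be replayed.
    Returns the authorization code on success, raises ValueError otherwise."""
    query = parse_qs(urlparse(callback_url).query)
    returned_state = query.get("state", [None])[0]
    expected_state = session.pop("oauth_state", None)  # single use
    if expected_state is None or returned_state is None:
        raise ValueError("missing OAuth state")
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected_state, returned_state):
        raise ValueError("OAuth state mismatch: request was not started by this session")
    code = query.get("code", [None])[0]
    if code is None:
        raise ValueError("missing authorization code")
    return code


def callback_is_valid(session, callback_url):
    """Boolean convenience wrapper around validate_callback."""
    try:
        validate_callback(session, callback_url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    session = {}  # stands in for a real per-user session store
    url = build_authorize_url(session)
    print("redirect the browser to:", url)
    # Simulated provider redirect carrying the same state back (constructed input).
    good_callback = f"{REDIRECT_URI}?code=abc123&state={session['oauth_state']}"
    print("code:", validate_callback(session, good_callback))
    # A forged callback whose state the session never issued is rejected.
    bad_callback = f"{REDIRECT_URI}?code=abc123&state=not-ours"
    print("forged callback accepted?", callback_is_valid(session, bad_callback))
```

The important properties are that the state is unpredictable, tied to the browser session that started the flow, compared on every callback, and consumed once; without the comparison on the way back, a redirect URL carrying someone else's authorization code would be accepted just as readily as the user's own.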