client_from_manual_flow works even without Redirect URL?

[felonfusk]

Please read the bug submission guidelines before submitting a bug.

Not following guidelines may result in your bug being ignored and/or closed.

Description of Bug Using client_from_manual_flow to get new token file. Due to another issue which gave me error at the login page, I entered an empty string for Redirect URL. Surprisingly this actually worked. Although by calling client_from_token_file the token file will not be refreshed and will expire in 1 hour. The 2 questions here: Is this normal for client_from_manual_flow to generate a valid token even without an empty string Redirect URL? Why client_from_token_file fails to refresh the generated token file?

python: 3.11 schwab-py: 1.2.1

Code to Reproduce step 1: in auth.py line 532, simply make redirected_url an empty string:

#redirected_url = prompt('Redirect URL> ').strip()
redirected_url = ''

step 2:

import schwab
api_key = ""
app_secret = ""
callback_url = "https://127.0.0.1:8182"
token_path = 'token.json'

def test_manual_flow():
    schwab.auth.client_from_manual_flow(api_key, app_secret, callback_url, token_path)
    conn = schwab.auth.client_from_token_file(token_path, api_key, app_secret)
    latest_quote = conn.get_quote('SPY').json()['SPY']
    print(latest_quote)

IMPORTANT: Remember to anonymize your code. Be sure to replace API keys/Client IDs with placeholders. Also, never, ever share the contents of your token file.

Expected Behavior An invalid redirected_url should not produce a valid token. client_from_token_file should refresh the token

Actual Behavior By making redirected_url an empty string, a valid token is produced which cannot be refreshed.

Error/Exception Log, If Applicable See here to learn how to turn on debug logging: https://tda-api.readthedocs.io/en/latest/help.html

[alexgolec]

Very interesting. I'll look into this...

[alexgolec]

Closing because I can't seem to replicate this issue.