From b8968e408d6839260bbaa351f768ef946b92f725 Mon Sep 17 00:00:00 2001
From: Ricky Cook
Date: Mon, 2 May 2016 12:43:12 +1000
Subject: [PATCH 1/5] Make OAuth2 client stateless
---
 flask_oauthlib/client.py | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/flask_oauthlib/client.py b/flask_oauthlib/client.py
index 51b3fd7d..b0c2c82b 100644
--- a/flask_oauthlib/client.py
+++ b/flask_oauthlib/client.py
@@ -14,16 +14,18 @@
 from copy import copy
 from functools import wraps
 from oauthlib.common import to_unicode, PY3, add_params_to_uri
-from flask import request, redirect, json, session, current_app
+from flask import request, redirect, json, current_app
 from werkzeug import url_quote, url_decode, url_encode
 from werkzeug import parse_options_header, cached_property
 from .utils import to_bytes
 try:
- from urlparse import urljoin
+ from urllib import urlencode
+ from urlparse import parse_qsl, urljoin, urlparse, urlunparse
 import urllib2 as http
 except ImportError:
 from urllib import request as http
 from urllib.parse import urljoin
+ from urllib.parse import parse_qsl, urlencode, urlparse, urlunparse
 log = logging.getLogger('flask_oauthlib')
@@ -519,7 +521,6 @@ def authorize(self, callback=None, state=None, **kwargs):
 # state can be function for generate a random string
 state = state()
- session['%s_oauthredir' % self.name] = callback
 url = client.prepare_request_uri(
 self.expand_url(self.authorize_url),
 redirect_uri=callback,
@@ -576,7 +577,6 @@ def generate_request_token(self, callback=None):
 data=data,
 )
 tup = (data['oauth_token'], data['oauth_token_secret'])
- session['%s_oauthtok' % self.name] = tup
 return tup
 def get_request_token(self):
@@ -619,11 +619,23 @@ def handle_oauth1_response(self):
 def handle_oauth2_response(self):
 """Handles an oauth2 authorization response."""
+ # Remove the 'code' argument from current URL
+ oauth_redir_tuple = urlparse(request.url)
+ query_args = [
+ arg_pair for arg_pair in parse_qsl(oauth_redir_tuple.query)
+ if arg_pair[0] != 'code'
+ ]
+ oauth_redir = urlunparse(
+ oauth_redir_tuple[0:4] +
+ (urlencode(query_args, doseq=True),) +
+ oauth_redir_tuple[5:]
+ )
+
 client = self.make_client()
 remote_args = {
 'code': request.args.get('code'),
 'client_secret': self.consumer_secret,
- 'redirect_uri': session.get('%s_oauthredir' % self.name)
+ 'redirect_uri': oauth_redir
 }
 log.debug('Prepare oauth2 remote args %r', remote_args)
 remote_args.update(self.access_token_params)
@@ -670,9 +682,6 @@ def authorized_response(self):
 else:
 data = self.handle_unknown_response()
- # free request token
- session.pop('%s_oauthtok' % self.name, None)
- session.pop('%s_oauthredir' % self.name, None)
 return data
 def authorized_handler(self, f):
From 9cd174e1d14571f3ae6ba9e781563d94ebac71fa Mon Sep 17 00:00:00 2001
From: Ricky Cook
Date: Mon, 2 May 2016 12:47:32 +1000
Subject: [PATCH 2/5] Don't need redirect_uri in client/provider req
---
 flask_oauthlib/client.py | 17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)
diff --git a/flask_oauthlib/client.py b/flask_oauthlib/client.py
index b0c2c82b..61d7b528 100644
--- a/flask_oauthlib/client.py
+++ b/flask_oauthlib/client.py
@@ -19,13 +19,11 @@
 from werkzeug import parse_options_header, cached_property
 from .utils import to_bytes
 try:
- from urllib import urlencode
- from urlparse import parse_qsl, urljoin, urlparse, urlunparse
+ from urlparse import urljoin
 import urllib2 as http
 except ImportError:
 from urllib import request as http
 from urllib.parse import urljoin
- from urllib.parse import parse_qsl, urlencode, urlparse, urlunparse
 log = logging.getLogger('flask_oauthlib')
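Review bot: In PATCH 1/5's `handle_oauth2_response` hunk the rebuilt `redirect_uri` drops only `code` from `request.url`, so anything else the provider appended to the callback (typically `state`) stays in it and the value no longer equals the `redirect_uri=callback` that `authorize()` sent. RFC 6749 section 4.1.3 requires the token request to repeat that URI exactly, and the result here also depends on the Host header, on proxy configuration, and on a `parse_qsl`/`urlencode` round trip that discards blank values and may re-encode the rest. PATCH 2/5 then removes the parameter from the token request altogether while `authorize()` still sends it, which providers enforcing that rule are likely to reject. Unless the callback becomes an explicit argument of the handler, the removed `'redirect_uri': session.get('%s_oauthredir' % self.name)` is the only value on the page that is guaranteed to match. Separately, the `log.debug` context line prints `remote_args` with `client_secret` and the authorization code in it, and `log.debug('Prepare oauth2 remote args %r', sorted(remote_args))` would log the keys only; the rest of the function lies below the hunk.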
@@ -619,23 +617,10 @@ def handle_oauth1_response(self):
 def handle_oauth2_response(self):
 """Handles an oauth2 authorization response."""
- # Remove the 'code' argument from current URL
- oauth_redir_tuple = urlparse(request.url)
- query_args = [
- arg_pair for arg_pair in parse_qsl(oauth_redir_tuple.query)
- if arg_pair[0] != 'code'
- ]
- oauth_redir = urlunparse(
- oauth_redir_tuple[0:4] +
- (urlencode(query_args, doseq=True),) +
- oauth_redir_tuple[5:]
- )
-
 client = self.make_client()
 remote_args = {
 'code': request.args.get('code'),
 'client_secret': self.consumer_secret,
- 'redirect_uri': oauth_redir
 }
 log.debug('Prepare oauth2 remote args %r', remote_args)
 remote_args.update(self.access_token_params)
From ed788021b0b05c195c31473bab15b5074c341a6f Mon Sep 17 00:00:00 2001
From: Ricky Cook
Date: Mon, 2 May 2016 12:49:31 +1000
Subject: [PATCH 3/5] Whitespace
---
 flask_oauthlib/client.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/flask_oauthlib/client.py b/flask_oauthlib/client.py
index 61d7b528..b2161860 100644
--- a/flask_oauthlib/client.py
+++ b/flask_oauthlib/client.py
@@ -616,7 +616,6 @@ def handle_oauth1_response(self):
 def handle_oauth2_response(self):
 """Handles an oauth2 authorization response."""
-
 client = self.make_client()
 remote_args = {
 'code': request.args.get('code'),
From 5d2de3db83165d7670648a161251b4c7b3597422 Mon Sep 17 00:00:00 2001
From: Ricky Cook
Date: Mon, 2 May 2016 13:16:04 +1000
Subject: [PATCH 4/5] Use session for OAuth1 token
---
 flask_oauthlib/client.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/flask_oauthlib/client.py b/flask_oauthlib/client.py
index b2161860..491be325 100644
--- a/flask_oauthlib/client.py
+++ b/flask_oauthlib/client.py
@@ -575,6 +575,7 @@ def generate_request_token(self, callback=None):
 data=data,
 )
 tup = (data['oauth_token'], data['oauth_token_secret'])
+ session['%s_oauthtok' % self.name] = tup
 return tup
 def get_request_token(self):
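Review bot: `session` is not imported at PATCH 4/5: PATCH 1/5 removed it from the `from flask import ...` line and it only returns in PATCH 5/5, so the assignment added to `generate_request_token` (and the `session.pop` in this patch's `authorized_response` hunk) raises NameError when this commit is checked out on its own. Folding 5/5 into this patch keeps the series bisectable. The stored tuple also carries `oauth_token_secret`, and Flask's default session is a signed but unencrypted cookie, so the secret is readable on the client unless a server-side session store is configured. A comment on the assignment such as `# request token and secret live here only until authorized_response(); the default cookie session signs but does not encrypt them` would record that; the function starts above this hunk.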
@@ -666,6 +667,8 @@ def authorized_response(self):
 else:
 data = self.handle_unknown_response()
+ # free request token
+ session.pop('%s_oauthtok' % self.name, None)
 return data
 def authorized_handler(self, f):
From 75c870bd1bbfd239c04aedfe4d8f3e45f31a490c Mon Sep 17 00:00:00 2001
From: Ricky Cook
Date: Mon, 2 May 2016 13:19:08 +1000
Subject: [PATCH 5/5] Reimport session into client
---
 flask_oauthlib/client.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/flask_oauthlib/client.py b/flask_oauthlib/client.py
index 491be325..91f9d176 100644
--- a/flask_oauthlib/client.py
+++ b/flask_oauthlib/client.py
@@ -14,7 +14,7 @@
 from copy import copy
 from functools import wraps
 from oauthlib.common import to_unicode, PY3, add_params_to_uri
-from flask import request, redirect, json, current_app
+from flask import request, redirect, json, session, current_app
 from werkzeug import url_quote, url_decode, url_encode
 from werkzeug import parse_options_header, cached_property
 from .utils import to_bytes
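Review bot: In PATCH 4/5's `authorized_response` hunk the `session.pop` added before `return data` runs only when the `handle_*` call above it returns normally, so if one of them raises, the request token and its secret stay in the session. Wrapping the dispatch in `try:` and moving `session.pop('%s_oauthtok' % self.name, None)` into a `finally:` clause clears the entry on every path. Whether the handlers can raise is not visible here, because the function starts above the hunk and only its final `else:` branch is shown.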