Merge pull request #204 from adamint/dev

update docs, add state option to get auth url

Author: adamint

build.gradle.kts

@@ -15,7 +15,7 @@ plugins {
 }
 
 group = "com.adamratzman"
-version = "3.1.0"
+version = "3.1.01"
 
 java {
     withSourcesJar()
@@ -63,10 +63,11 @@ kotlin {
 
             val commonMain by getting {
                 dependencies {
-                    implementation(kotlin("stdlib-common"))
                     api("org.jetbrains.kotlinx:kotlinx-coroutines-core-common:$coroutineVersion")
-                    implementation("org.jetbrains.kotlinx:kotlinx-serialization-runtime-common:$serializationVersion")
+                    api("org.jetbrains.kotlinx:kotlinx-serialization-runtime-common:$serializationVersion")
                     api("io.ktor:ktor-client-core:$ktorVersion")
+
+                    implementation(kotlin("stdlib-common"))
                 }
             }
             val commonTest by getting {
@@ -85,9 +86,9 @@ kotlin {
 
                 dependencies {
                     api("org.jetbrains.kotlinx:kotlinx-coroutines-core:$coroutineVersion")
-                    implementation("org.jetbrains.kotlinx:kotlinx-serialization-runtime:$serializationVersion")
+                    api("org.jetbrains.kotlinx:kotlinx-serialization-runtime:$serializationVersion")
                     api("io.ktor:ktor-client-okhttp:$ktorVersion")
-                    implementation("commons-codec:commons-codec:1.14")
+                    api("commons-codec:commons-codec:1.14")
                     implementation(kotlin("stdlib-jdk8"))
                 }
             }
@@ -105,12 +106,12 @@ kotlin {
 
             val jsMain by getting {
                 dependencies {
-                    implementation(npm("text-encoding", "0.7.0"))
+                    api(npm("text-encoding", "0.7.0"))
                     api("org.jetbrains.kotlinx:kotlinx-coroutines-core-js:$coroutineVersion")
-                    implementation("org.jetbrains.kotlinx:kotlinx-serialization-runtime-js:$serializationVersion")
+                    api("org.jetbrains.kotlinx:kotlinx-serialization-runtime-js:$serializationVersion")
                     api("io.ktor:ktor-client-js:$ktorVersion")
-                    implementation(npm("abort-controller", "3.0.0"))
-                    implementation(npm("node-fetch", "2.6.0"))
+                    api(npm("abort-controller", "3.0.0"))
+                    api(npm("node-fetch", "2.6.0"))
 
                     compileOnly(kotlin("stdlib-js"))
                 }

src/commonMain/kotlin/com.adamratzman.spotify/Builder.kt

@@ -28,9 +28,24 @@ import kotlinx.serialization.json.Json
  * @param redirectUri Spotify [redirect uri](https://developer.spotify.com/documentation/general/guides/app-settings/)
  * @param isImplicitGrantFlow Whether the authorization url should be for the Implicit Grant flow, otherwise for Authorization Code flo
  * @param shouldShowDialog If [isImplicitGrantFlow] is true, whether or not to force the user to approve the app again if they’ve already done so.
+ * @param state This provides protection against attacks such as cross-site request forgery.
  */
-fun getSpotifyAuthorizationUrl(vararg scopes: SpotifyScope, clientId: String, redirectUri: String, isImplicitGrantFlow: Boolean = false, shouldShowDialog: Boolean = false): String {
-    return SpotifyApi.getAuthUrlFull(*scopes, clientId = clientId, redirectUri = redirectUri, isImplicitGrantFlow = isImplicitGrantFlow, shouldShowDialog = shouldShowDialog)
+fun getSpotifyAuthorizationUrl(
+    vararg scopes: SpotifyScope,
+    clientId: String,
+    redirectUri: String,
+    isImplicitGrantFlow: Boolean = false,
+    shouldShowDialog: Boolean = false,
+    state: String? = null
+): String {
+    return SpotifyApi.getAuthUrlFull(
+            *scopes,
+            clientId = clientId,
+            redirectUri = redirectUri,
+            isImplicitGrantFlow = isImplicitGrantFlow,
+            shouldShowDialog = shouldShowDialog,
+            state = state
+    )
 }
 
 // ==============================================
@@ -536,9 +551,10 @@ interface ISpotifyClientApiBuilder : ISpotifyApiBuilder<SpotifyClientApi, Spotif
      * Create a Spotify authorization URL from which API access can be obtained
      *
      * @param scopes The scopes that the application should have access to
+     * @param state This provides protection against attacks such as cross-site request forgery.
      * @return Authorization URL that can be used in a browser
      */
-    fun getAuthorizationUrl(vararg scopes: SpotifyScope): String
+    fun getAuthorizationUrl(vararg scopes: SpotifyScope, state: String? = null): String
 }
 
 /**
@@ -549,9 +565,14 @@ class SpotifyClientApiBuilder(
     override var authorization: SpotifyUserAuthorization = SpotifyUserAuthorizationBuilder().build(),
     override var options: SpotifyApiOptions = SpotifyApiOptionsBuilder().build()
 ) : ISpotifyClientApiBuilder {
-    override fun getAuthorizationUrl(vararg scopes: SpotifyScope): String {
+    override fun getAuthorizationUrl(vararg scopes: SpotifyScope, state: String?): String {
         require(credentials.redirectUri != null && credentials.clientId != null) { "You didn't specify a redirect uri or client id in the credentials block!" }
-        return SpotifyApi.getAuthUrlFull(*scopes, clientId = credentials.clientId!!, redirectUri = credentials.redirectUri!!)
+        return SpotifyApi.getAuthUrlFull(
+                *scopes,
+                clientId = credentials.clientId!!,
+                redirectUri = credentials.redirectUri!!,
+                state = state
+        )
     }
 
     override suspend fun suspendBuild(): SpotifyClientApi {

src/commonMain/kotlin/com.adamratzman.spotify/SpotifyApi.kt

@@ -187,12 +187,18 @@ sealed class SpotifyApi<T : SpotifyApi<T, B>, B : ISpotifyApiBuilder<T, B>>(
      * @param scopes The scopes that the application should have access to
      * @param redirectUri The redirect uri specified on the Spotify developer dashboard; where to
      * redirect the browser after authentication
+     * @param state This provides protection against attacks such as cross-site request forgery.
      *
      * @return Authorization URL that can be used in a browser
      */
-    fun getAuthorizationUrl(vararg scopes: SpotifyScope, redirectUri: String): String {
+    fun getAuthorizationUrl(vararg scopes: SpotifyScope, redirectUri: String, state: String? = null): String {
         require(clientId != null)
-        return getAuthUrlFull(*scopes, clientId = clientId, redirectUri = redirectUri)
+        return getAuthUrlFull(
+                *scopes,
+                clientId = clientId,
+                redirectUri = redirectUri,
+                state = state
+        )
     }
 
     /**
@@ -248,11 +254,20 @@ sealed class SpotifyApi<T : SpotifyApi<T, B>, B : ISpotifyApiBuilder<T, B>>(
          * @param scopes Spotify scopes the api instance should be able to access for the user
          * @param clientId Spotify [client id](https://developer.spotify.com/documentation/general/guides/app-settings/)
          * @param redirectUri Spotify [redirect uri](https://developer.spotify.com/documentation/general/guides/app-settings/)
+         * @param state This provides protection against attacks such as cross-site request forgery.
          */
-        fun getAuthUrlFull(vararg scopes: SpotifyScope, clientId: String, redirectUri: String, isImplicitGrantFlow: Boolean = false, shouldShowDialog: Boolean = false): String {
+        fun getAuthUrlFull(
+            vararg scopes: SpotifyScope,
+            clientId: String,
+            redirectUri: String,
+            isImplicitGrantFlow: Boolean = false,
+            shouldShowDialog: Boolean = false,
+            state: String? = null
+        ): String {
             return "https://accounts.spotify.com/authorize/?client_id=$clientId" +
                     "&response_type=${if (isImplicitGrantFlow) "token" else "code"}" +
                     "&redirect_uri=$redirectUri" +
+                    (state?.let { "&state=$it" } ?: "") +
                     if (scopes.isEmpty()) "" else "&scope=${scopes.joinToString("%20") { it.uri }}" +
                             if (shouldShowDialog) "&show_dialog=$shouldShowDialog" else ""
         }
@@ -589,9 +604,9 @@ open class SpotifyClientApi internal constructor(
      *
      * @return Authorization URL that can be used in a browser
      */
-    fun getAuthorizationUrl(vararg scopes: SpotifyScope): String {
+    fun getAuthorizationUrl(vararg scopes: SpotifyScope, state: String? = null): String {
         require(clientId != null && clientSecret != null) { "Either the client id or the client secret is not set" }
-        return redirectUri?.let { getAuthUrlFull(*scopes, clientId = clientId, redirectUri = it) }
+        return redirectUri?.let { getAuthUrlFull(*scopes, clientId = clientId, redirectUri = it, state = state) }
                 ?: throw IllegalArgumentException("The redirect uri must be set")
     }