From 8748c6e0e9a66e5b153dac528b313823c152bd19 Mon Sep 17 00:00:00 2001
From: gunnar
Date: Fri, 3 Jul 2015 17:29:50 +0200
Subject: [PATCH] send no state in the access token response
---
 examples/skeleton_oauth2_web_application_server.py | 2 +-
 oauthlib/oauth2/rfc6749/grant_types/authorization_code.py | 2 +-
 oauthlib/oauth2/rfc6749/request_validator.py | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/examples/skeleton_oauth2_web_application_server.py b/examples/skeleton_oauth2_web_application_server.py
index 04ce4e4c..4816cc0c 100644
--- a/examples/skeleton_oauth2_web_application_server.py
+++ b/examples/skeleton_oauth2_web_application_server.py
@@ -64,7 +64,7 @@ def authenticate_client_id(self, client_id, request, *args, **kwargs):
 def validate_code(self, client_id, code, client, request, *args, **kwargs):
 # Validate the code belongs to the client. Add associated scopes,
- # state and user to request.scopes, request.state and request.user.
+ # state and user to request.scopes and request.user.
 pass
 def confirm_redirect_uri(self, client_id, code, redirect_uri, client, *args, **kwargs):
diff --git a/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py b/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
index 1d21c56e..59863535 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
@@ -383,7 +383,7 @@ def validate_token_request(self, request):
 request.client_id, request.client, request.scopes)
 raise errors.InvalidGrantError(request=request)
- for attr in ('user', 'state', 'scopes'):
+ for attr in ('user', 'scopes'):
 if getattr(request, attr, None) is None:
 log.debug('request.%s was not set on code validation.', attr)
diff --git a/oauthlib/oauth2/rfc6749/request_validator.py b/oauthlib/oauth2/rfc6749/request_validator.py
index e622ff17..627e3494 100644
--- a/oauthlib/oauth2/rfc6749/request_validator.py
+++ b/oauthlib/oauth2/rfc6749/request_validator.py
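Review bot: The reworded comment in the skeleton's `validate_code` still reads "Add associated scopes, state and user", so it names three values but only two destinations, and it keeps telling implementers to handle state, which this commit stops requiring. I would drop the word, e.g. `# Validate the code belongs to the client. Add associated scopes` followed by `# and user to request.scopes and request.user.`. This skeleton is meant to be copied, so a leftover hint here is likely to carry over into real validators.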
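Review bot: In `validate_token_request`, the loop over `('user', 'scopes')` reacts to a missing attribute only with `log.debug(...)`, so in the visible lines a validator whose `validate_code` returns true but never binds `request.user` or `request.scopes` is not rejected. Both values decide whose token is issued and with what authority, so I would fail closed here, for example `raise errors.InvalidGrantError(request=request)` in place of the debug log, or at least log at warning level so the misconfiguration shows up in production logs. The function starts and ends outside this hunk, so what later code does with an unset attribute is not visible here.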
@@ -342,8 +342,8 @@ def validate_code(self, client_id, code, client, request, *args, **kwargs):
 """Ensure the authorization_code is valid and assigned to client.
 OBS! The request.user attribute should be set to the resource owner
- associated with this authorization code. Similarly request.scopes and
- request.state must also be set.
+ associated with this authorization code. Similarly request.scopes
+ must also be set.
 :param client_id: Unicode client identifier
 :param code: Unicode authorization code
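Review bot: The docstring now simply stops mentioning `request.state`, which leaves validators written against the old wording still setting it, and nothing in this diff shows how the token response treats a `request.state` that is present. Since the commit's goal is that no state reaches the access token response, I would say so explicitly, e.g. add `request.state is no longer used here and should not be set.` after the `request.scopes` sentence. A regression test asserting that the token response body has no `state` key would pin the behaviour; the diffstat lists no test file. The docstring continues past the end of the hunk.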