changes

fusion_clover/const.py

@@ -17,11 +17,18 @@ TOKEN_BASE_URL_TEST = 'https://token-sandbox.dev.clover.com'
 CONNECT_BASE_URL = 'https://api.clover.com/connect/v1'
 CONNECT_BASE_URL_TEST = 'https://apisandbox.dev.clover.com/connect/v1'
 
-# OAuth URLs
-OAUTH_AUTHORIZE_URL_TEST = 'https://apisandbox.dev.clover.com/oauth/authorize'
-OAUTH_AUTHORIZE_URL = 'https://api.clover.com/oauth/authorize'
-OAUTH_TOKEN_URL_TEST = 'https://apisandbox.dev.clover.com/oauth/token'
-OAUTH_TOKEN_URL = 'https://api.clover.com/oauth/token'
+# OAuth v2 URLs (Clover mandated v2 from October 2023; legacy /oauth/authorize
+# is deprecated). Note that the AUTHORIZE endpoint is on the merchant/dev
+# portal host (sandbox.dev.clover.com / www.clover.com) — NOT on the API
+# host — because it has to render a merchant-facing login + consent UI.
+# The TOKEN/REFRESH endpoints are on the API host.
+# https://docs.clover.com/docs/use-oauth#sandbox-and-production-environment-urls
+OAUTH_AUTHORIZE_URL_TEST = 'https://sandbox.dev.clover.com/oauth/v2/authorize'
+OAUTH_AUTHORIZE_URL = 'https://www.clover.com/oauth/v2/authorize'
+OAUTH_TOKEN_URL_TEST = 'https://apisandbox.dev.clover.com/oauth/v2/token'
+OAUTH_TOKEN_URL = 'https://api.clover.com/oauth/v2/token'
+OAUTH_REFRESH_URL_TEST = 'https://apisandbox.dev.clover.com/oauth/v2/refresh'
+OAUTH_REFRESH_URL = 'https://api.clover.com/oauth/v2/refresh'
 
 DEFAULT_PAYMENT_METHOD_CODES = {
     'card',