topic Re: 403 on valid access token using the authorization code flow in Spotify for Developers

403 on valid access token using the authorization code flow

marinofranz — Sun, 07 Jul 2024 18:20:22 GMT

Hello,

I'm having a bit of an issue with the Spotify Web API. I suspect the IP address of my production machine may have been put on some sort of ban list. I won't be giving out the IP address on the forum, but if it helps, I am using a machine from Hetzner.

Authenticating via the authorization code flow works just fine on my local machine during testing, but as soon as my application runs on my production machine, authenticating does not work at all. Please note that my Spotify application is in development mode, and has not been approved for a quota extension just yet.

Edit: Forgot to add this, but when I use an access token that was provided to my local machine, and when I try to use that same token on the production machine, it throws a 403 error.

Thanks in advance,

Marino

Re: 403 on valid access token using the authorization code flow

smacklol — Sun, 07 Jul 2024 22:12:41 GMT

It may not be that your prod. server is banned but your prod server itself must request an accessToken to make requests. You said that the local machine and prod server use the same token; I don't think it's part of the official OAuth standard, but Spotify might extend security of access tokens by associating them with an IP or something. Otherwise a malicious dev could request one access token, distribute it to a bunch of remote servers and attempt a DDoS on Spotify using that one access token. Otherwise, if you're getting 403, it's also possible the access token scopes don't cover the end point you're hitting, but if it works in your local environment that's less likely to be the case

Re: 403 on valid access token using the authorization code flow

marinofranz — Sun, 07 Jul 2024 22:18:57 GMT

I understand that they may use that as a precaution, but I have also tried obtaining an access token by starting the authentication flow on the production server, however, it returns a 403 after requesting a refresh token. I've made sure that my scopes are correct. Not only that, but I should not need a scope to request a new refresh / access token.

Re: 403 on valid access token using the authorization code flow

LambertSpot — Mon, 08 Jul 2024 08:23:43 GMT

Have you setup your redirect URIs correctly for your production machine (not just localhost)?

Re: 403 on valid access token using the authorization code flow

marinofranz — Mon, 08 Jul 2024 15:55:42 GMT

Yes, I have set up the redirects correctly. There should not be anything to change in the routes directly when switching from development to production.