https://community.spotify.com/t5/Spotify-for-Developers/Scope-changes-after-token-refresh-403/m-p/7123641#M18775 <P><STRONG>Plan</STRONG></P><P>Premium</P><P><STRONG>Country</STRONG></P><P>Sweden</P><P>&nbsp;</P><P><STRONG>Device</STRONG></P><P>Intel Nuc</P><P><STRONG>Operating System</STRONG></P><P>Ubuntu 22.04</P><P>&nbsp;</P><P><STRONG>My Question or Issue</STRONG></P><P>I have an app that is under extended request quota. It's an app that daily gets a new spotify album id from another service for each user. It then creates (or update if i'ts an existing user) a playlist with the album. This code is run from my server every morning. Before any fetching or posting towards spotify is done i refresh the users authtoken, If i get a refreshtoken from the response i update the users refreshtoken, if there is no refreshtoken but only a authtoken i update the users authtoken.<BR /><BR />I have approximately 150 users and for most of them it works fine, they get their playlist updated. But at the moment I have approximately 20 users that after the Refresh Token flow they cannot Delete playlist items from their playlist or Add Playlist Items to the playlist. However fetching album, playlist or playlist items still works fine.<BR />The error I'm getting for DELETE and POST request is 403.<BR />The scope im using are&nbsp;<BR /><BR /></P><LI-CODE lang="csharp">var scope = "playlist-modify-private playlist-modify-public";</LI-CODE><P><BR /><BR />And is done like this:</P><LI-CODE lang="csharp">var queryParams = new Dictionary&lt;string, string?&gt; { { "response_type", "code" }, { "client_id", config["CLIENT_ID"] }, { "redirect_uri", config["REDIRECT_URI"] }, { "state", username }, { "scope", scope } }; var authorizationUrl = QueryHelpers.AddQueryString("https://accounts.spotify.com/authorize", queryParams); return Results.Redirect(authorizationUrl);</LI-CODE><P><BR /><BR /><BR />When the user signs up to my app the playlist is created and that has worked for every user. So in my mind, this has something to do with the refresh token somehow.<BR /><BR />Anybody that can point me in some direction or recognize this issue?<BR /><BR />Kind regards!</P><P><BR /><BR /></P> Tue, 09 Sep 2025 11:45:27 GMT simpamusic 2025-09-09T11:45:27Z https://community.spotify.com/t5/Spotify-for-Developers/Scope-changes-after-token-refresh-403/m-p/7123641#M18775 <P><STRONG>Plan</STRONG></P><P>Premium</P><P><STRONG>Country</STRONG></P><P>Sweden</P><P>&nbsp;</P><P><STRONG>Device</STRONG></P><P>Intel Nuc</P><P><STRONG>Operating System</STRONG></P><P>Ubuntu 22.04</P><P>&nbsp;</P><P><STRONG>My Question or Issue</STRONG></P><P>I have an app that is under extended request quota. It's an app that daily gets a new spotify album id from another service for each user. It then creates (or update if i'ts an existing user) a playlist with the album. This code is run from my server every morning. Before any fetching or posting towards spotify is done i refresh the users authtoken, If i get a refreshtoken from the response i update the users refreshtoken, if there is no refreshtoken but only a authtoken i update the users authtoken.<BR /><BR />I have approximately 150 users and for most of them it works fine, they get their playlist updated. But at the moment I have approximately 20 users that after the Refresh Token flow they cannot Delete playlist items from their playlist or Add Playlist Items to the playlist. However fetching album, playlist or playlist items still works fine.<BR />The error I'm getting for DELETE and POST request is 403.<BR />The scope im using are&nbsp;<BR /><BR /></P><LI-CODE lang="csharp">var scope = "playlist-modify-private playlist-modify-public";</LI-CODE><P><BR /><BR />And is done like this:</P><LI-CODE lang="csharp">var queryParams = new Dictionary&lt;string, string?&gt; { { "response_type", "code" }, { "client_id", config["CLIENT_ID"] }, { "redirect_uri", config["REDIRECT_URI"] }, { "state", username }, { "scope", scope } }; var authorizationUrl = QueryHelpers.AddQueryString("https://accounts.spotify.com/authorize", queryParams); return Results.Redirect(authorizationUrl);</LI-CODE><P><BR /><BR /><BR />When the user signs up to my app the playlist is created and that has worked for every user. So in my mind, this has something to do with the refresh token somehow.<BR /><BR />Anybody that can point me in some direction or recognize this issue?<BR /><BR />Kind regards!</P><P><BR /><BR /></P> Tue, 09 Sep 2025 11:45:27 GMT https://community.spotify.com/t5/Spotify-for-Developers/Scope-changes-after-token-refresh-403/m-p/7123641#M18775 simpamusic 2025-09-09T11:45:27Z