https://community.spotify.com/t5/Spotify-for-Developers/Is-a-persistent-user-scoped-token-possible/m-p/5321346#M3852 <P>Hey everyone, I am building a feature on my website that would render my top ten played songs from the&nbsp;<A title="Get User's Top Items Get User’s Top Items" href="https://developer.spotify.com/console/get-current-user-top-artists-and-tracks/?type=tracks&amp;time_range=&amp;limit=&amp;offset=" target="_blank" rel="noopener">Get User's Top Items endpoint.</A>&nbsp;Right now it's working fine with my Bearer hardcoded as an environment variable, however, as soon as that expires my app completely breaks. I was curious as to if there was something similar to Twitter that will allow an app to be scoped to a user (the user that creates the application) however the tokens don't expire and are server to server only (so no OAuth flow).</P><P>&nbsp;</P><P>I noticed the client credentials flow&nbsp;<A href="https://developer.spotify.com/documentation/general/guides/authorization/client-credentials/" target="_blank">https://developer.spotify.com/documentation/general/guides/authorization/client-credentials/</A>&nbsp;existed, but it has a heavy emphasis on not having any user scope so naturally I haven't given this a go.</P><P>&nbsp;</P><P>Thank you and happy new year.</P> Thu, 30 Dec 2021 01:26:14 GMT alsoalistair 2021-12-30T01:26:14Z https://community.spotify.com/t5/Spotify-for-Developers/Is-a-persistent-user-scoped-token-possible/m-p/5321346#M3852 <P>Hey everyone, I am building a feature on my website that would render my top ten played songs from the&nbsp;<A title="Get User's Top Items Get User’s Top Items" href="https://developer.spotify.com/console/get-current-user-top-artists-and-tracks/?type=tracks&amp;time_range=&amp;limit=&amp;offset=" target="_blank" rel="noopener">Get User's Top Items endpoint.</A>&nbsp;Right now it's working fine with my Bearer hardcoded as an environment variable, however, as soon as that expires my app completely breaks. I was curious as to if there was something similar to Twitter that will allow an app to be scoped to a user (the user that creates the application) however the tokens don't expire and are server to server only (so no OAuth flow).</P><P>&nbsp;</P><P>I noticed the client credentials flow&nbsp;<A href="https://developer.spotify.com/documentation/general/guides/authorization/client-credentials/" target="_blank">https://developer.spotify.com/documentation/general/guides/authorization/client-credentials/</A>&nbsp;existed, but it has a heavy emphasis on not having any user scope so naturally I haven't given this a go.</P><P>&nbsp;</P><P>Thank you and happy new year.</P> Thu, 30 Dec 2021 01:26:14 GMT https://community.spotify.com/t5/Spotify-for-Developers/Is-a-persistent-user-scoped-token-possible/m-p/5321346#M3852 alsoalistair 2021-12-30T01:26:14Z https://community.spotify.com/t5/Spotify-for-Developers/Is-a-persistent-user-scoped-token-possible/m-p/5322150#M3859 <P>The Authorization Code Flow and the Authorization Code Flow with Proof Key for Code Exchange both allow you to authorize with a specific user ("<SPAN>user-scoped token").&nbsp; You can then refresh this token every hour without any user input. In that sense, the authorization never expires. Just read the <A href="https://developer.spotify.com/documentation/general/guides/authorization/" target="_self">authorization guide</A>.&nbsp;</SPAN></P> Sat, 01 Jan 2022 22:40:05 GMT https://community.spotify.com/t5/Spotify-for-Developers/Is-a-persistent-user-scoped-token-possible/m-p/5322150#M3859 Peter_Schorn 2022-01-01T22:40:05Z