topic Re: Wrong token generated in Spotify for Developers

Wrong token generated

Laremit — Fri, 17 Mar 2023 18:30:38 GMT

Hello I have a problem setting up a simple aplication.
The goal of this application is to enable anyone who has an url to my web app to adjust volume of my music playing ( mainly for neighbors , but the project goal is to educate mysef in spotify API and Nuxt.js ).

Im using 3 methods:
1. Getting the token using client_id and client_secret.
2. Getting devices to pre-fill input with current volume.
3. Sending a request to set new volume based on the input.

methods 2 and 3 work as intended if i hardcode tokens that i get from live test
for example : https://developer.spotify.com/console/get-users-available-devices/ and i use get token button. but the problem is that the first metod return an invalid token ( i get an error that username is invalid, I can't see what am I doing wrong. Client id and secret are generated from my spotify App. I belive that I'm really close to finishing this but I'm stuck at this step

Re: Wrong token generated

Ximzend — Fri, 17 Mar 2023 19:26:18 GMT

Generated access tokens are only valid for 60 minutes. Then you'll need a refresh token to get a new one. You can read more about it on this page.

To make things a lot easier, I recommend you to use a "Web API Wrapper".

Re: Wrong token generated

Laremit — Sat, 18 Mar 2023 09:26:35 GMT

I will check out that Wrapper for node, It seems a good idea.
But the token valid time has nothing to do with the problem I have, token are invalid the second they are generated, any idea why is that? I can provide more resources if needed

Re: Wrong token generated

Laremit — Sat, 18 Mar 2023 09:47:52 GMT

"Since [the Client Credentials] flow does not include authorization, only endpoints that do not access user information can be accessed."
That could be a problem.
Does endpoint

https://api.spotify.com/v1/me/player/devices

can be accessed with that ? (

If not, what other authorization method do you recommend for my case?
I will once more describe the user story of that:
AS an app creator I need the app to alter MY player and only my player,
AS an end user I need to have access without any logging in required, and be able to read current playback volume and set new one using input type="range".

All other Auth methods include a logging in by end user step that I don,t want since only my player needs to be affected.
So long story short, this app needs to allow every person on planet earth with a link to that app to alter MY volume XD

Re: Wrong token generated

Ximzend — Sat, 18 Mar 2023 11:42:12 GMT

You'll need to make a webpage that implements the Authorization code flow (shown here) that lets you log in with your credentials, and prints out an access token and a refresh token. The required scope is user-modify-playback-state. (If everything works, you can remove this page.)

You can store the access token and the refresh token in a file or database on your server. After that, you can make a client side page with volume controls that sends requests to a server-side script that uses those tokens to make a API request to control the volume. (Maybe there is more code required than I described.)

I am not familiar with the Node.js wrapper, but it must ve documented what it does or you should do when the access token expires.

If you get a new access token and/or refresh token, those should replace the old ones stored on your server. (If you don't get a new refresh token, you can reuse the old one.)

Re: Wrong token generated

Laremit — Sat, 18 Mar 2023 12:05:36 GMT

Thats a great suggestion and that is the approach I will take. Thank you so much for your insight in this, have a great day