topic Scope hidding in Spotify for Developers https://community.spotify.com/t5/Spotify-for-Developers/Scope-hidding/m-p/5582798#M9260 <P><STRONG>Device</STRONG></P><P>Windows 10</P><P><STRONG>Operating System</STRONG></P><P>(iOS 10, Android&nbsp;Oreo, Windows 10,etc.)</P><P>&nbsp;</P><P><STRONG>My Question or Issue</STRONG></P><P>&nbsp;</P><P><SPAN>Hello,</SPAN></P><DIV>&nbsp;</DIV><DIV>I was doing&nbsp;some tests with spotify api, and I've found a way to hide the scopes a user allows an application to use when you access<SPAN>&nbsp;</SPAN><A href="http://accounts.spotify.com/authorize" target="_blank" rel="noopener">accounts.spotify.com/authorize</A><SPAN>&nbsp;</SPAN>to get the tokens. For example, an application can ask to be able to see the user's public information, but at the end, the application gets a token to see the user's private information.</DIV><DIV>&nbsp;</DIV><DIV>In the pictures attached, we see that the application is asking for being able to modify playlist.<span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Capture.PNG" style="width: 400px;"><img src="https://community.spotify.com/t5/image/serverpage/image-id/157587i79AAA994F68E20C6/image-size/medium?v=v2&amp;px=400" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></DIV><DIV>But, in reality I asked for :<UL class=""><LI><A class="" href="https://developer.spotify.com/documentation/web-api/concepts/scopes#user-read-email" target="_blank" rel="noopener">user-read-email</A></LI><LI><A class="" href="https://developer.spotify.com/documentation/web-api/concepts/scopes#user-read-private" target="_blank" rel="noopener">user-read-private</A></LI></UL><P>And so I get (I've hidden the tokens) :</P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Capture.PNG" style="width: 400px;"><img src="https://community.spotify.com/t5/image/serverpage/image-id/157589iB005C51DE3656278/image-size/medium?v=v2&amp;px=400" role="button" title="Capture.PNG" alt="Capture.PNG" /></span><P> </P><P>even if the <A href="https://accounts.spotify.com/" target="_blank" rel="noopener">https://accounts.spotify.com/</A>authorize&nbsp;was not showing it.</P><P>&nbsp;</P></DIV><DIV>I don't know if this is already known or&nbsp;if it&nbsp;is not important, but if not you can contact me back, so I could explain to you the technical details.&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>Best regards.</DIV> Wed, 17 May 2023 22:39:27 GMT thascoet 2023-05-17T22:39:27Z Scope hidding https://community.spotify.com/t5/Spotify-for-Developers/Scope-hidding/m-p/5582798#M9260 <P><STRONG>Device</STRONG></P><P>Windows 10</P><P><STRONG>Operating System</STRONG></P><P>(iOS 10, Android&nbsp;Oreo, Windows 10,etc.)</P><P>&nbsp;</P><P><STRONG>My Question or Issue</STRONG></P><P>&nbsp;</P><P><SPAN>Hello,</SPAN></P><DIV>&nbsp;</DIV><DIV>I was doing&nbsp;some tests with spotify api, and I've found a way to hide the scopes a user allows an application to use when you access<SPAN>&nbsp;</SPAN><A href="http://accounts.spotify.com/authorize" target="_blank" rel="noopener">accounts.spotify.com/authorize</A><SPAN>&nbsp;</SPAN>to get the tokens. For example, an application can ask to be able to see the user's public information, but at the end, the application gets a token to see the user's private information.</DIV><DIV>&nbsp;</DIV><DIV>In the pictures attached, we see that the application is asking for being able to modify playlist.<span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Capture.PNG" style="width: 400px;"><img src="https://community.spotify.com/t5/image/serverpage/image-id/157587i79AAA994F68E20C6/image-size/medium?v=v2&amp;px=400" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></DIV><DIV>But, in reality I asked for :<UL class=""><LI><A class="" href="https://developer.spotify.com/documentation/web-api/concepts/scopes#user-read-email" target="_blank" rel="noopener">user-read-email</A></LI><LI><A class="" href="https://developer.spotify.com/documentation/web-api/concepts/scopes#user-read-private" target="_blank" rel="noopener">user-read-private</A></LI></UL><P>And so I get (I've hidden the tokens) :</P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Capture.PNG" style="width: 400px;"><img src="https://community.spotify.com/t5/image/serverpage/image-id/157589iB005C51DE3656278/image-size/medium?v=v2&amp;px=400" role="button" title="Capture.PNG" alt="Capture.PNG" /></span><P> </P><P>even if the <A href="https://accounts.spotify.com/" target="_blank" rel="noopener">https://accounts.spotify.com/</A>authorize&nbsp;was not showing it.</P><P>&nbsp;</P></DIV><DIV>I don't know if this is already known or&nbsp;if it&nbsp;is not important, but if not you can contact me back, so I could explain to you the technical details.&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>Best regards.</DIV> Wed, 17 May 2023 22:39:27 GMT https://community.spotify.com/t5/Spotify-for-Developers/Scope-hidding/m-p/5582798#M9260 thascoet 2023-05-17T22:39:27Z