Announcements

[All Platforms] Manage Third Party Access Permissions

Submitted by on ‎2015-11-22 06:42 AM
Status: Implemented

I imported all my songs from Rdio by granting access to 3rd party web apps like Mooval , now I want to stop them from SPYING on my activities.

 

How do we manage 3rd party application access to our account (revoke access to applications, so they can no longer access your account), something similar to the way Twitter does it, or Last.fm

 

It's misleading to have an ability to grant access with no way to revoke it. I would never have granted access to 3rd party apps if I had known that it was not possible to manage these access grants.

 

This actually puts me on the edge of flat out removing my Spotify account entirely because it's a huge breach of trust

 

I DON'T WANT to be DATA MINED BY OTHER COMPANIES and STRANGERS, Please let us remove SPYS like Google does:

 

Screen_shot_2012-01-29_at_6.40.08_PM_610x277.png

Updated: 2016-08-10

We’re happy to announce that you can now manage access to another app or integration with Spotify. Simply head to your account page and select Apps. You can click revoke access on things like partner apps. Thats it!



See more ideas labeled with:
Comments
blake
Community Legend
‎2015-11-22 04:43 PM
Status changed to: Implemented
Updated: 2015-11-22

Marked as New Idea and edited title to make it easier to find via search. This is a repost of the following inactive idea.



derkork
Newbie
‎2015-11-23 08:24 PM

I really can't believe you have to make a customer inquiry for this. This stuff is basic security. It's like having spotify to ask for a "change password" functionality. 

Rorey
Spotify
Spotify
‎2015-11-27 05:00 PM
Status changed to: Implemented
Updated: 2015-11-27

This is something we recognise and we're working on at the moment. We'll make sure to post an update to this thread when we have any new information.



fharper
Newbie
‎2015-12-11 07:15 PM

+1

 

Should be there by default even if not a lot of kudos: it's a security feature. Don't compromise on security!

 

Fred

Wingman4l7
Regular
‎2015-12-14 10:42 PM

It's possible that they don't offer management of this because third-party access is based on expiring tokens?  The Spotify API mentions the parameter expires_in for third party authentication; there is no maximum value mentioned, but examples use the value 3600 (it's in seconds, so that'd be an hour).  I've noticed I've had to re-authorize third party tools like the Spotify Playlists Deduplicator, so at least in some cases, permissions aren't kept forever.

Avalyst
Casual Listener
‎2015-12-18 03:14 PM

The fact that you see this as a feature request and not a serious security flaw in your implementation is insane. This isn't some feature for which people can gather support in the likes of "add function so and so", most people probably don't understand the security implications. If the page where you authorize apps would come with a massive warning saaying "Hey, this means that you give these permissions to this app forever regardless of who owns it or what its purpose is in the future" then you can bet that the interest for this feature would increase.

 

Note also that this request is over a year old, it's simply been re-submitted because it didn't receive enough kudos last time. Here is the old request https://community.spotify.com/t5/Closed-Ideas/Keybinding/idi-p/919849.

 

Embarassing!

fharper
Newbie
‎2015-12-23 07:57 PM

Even if there is expiration, it means that during the time application X has access to my Spotify account... they have access to my Spotify account, and there is nothing I can before the token expired.

abatistas1709
Newbie
‎2016-01-02 11:46 AM
It surprises me a lot to know that this basic security feature is not implemented. This should not wait for kudos. It must be implemented ASAP.
MarkyMarc
Casual Listener
‎2016-01-17 05:47 AM
This is unacceptable. I am shocked that such basic security aspect.
mwcone
Newbie
‎2016-01-17 09:39 PM

This really is astounding that A) there's no way to review permissions you've granted in the past, and B) they're so difficult to revoke. There's not even a clear way to submit a customer inquiry from the Spotify support site, so I either have to tweet them and hope for a reply, or submit an inquiry from a page that doesn't even provide a confirmation or ticket number.