Announcements

Help Wizard

Step 1

NEXT STEP

405 Error when trying to getToken with code

405 Error when trying to getToken with code

I am using the Autorization Code with PKCE Flow method of logging in with spotify using react native. I get a successful response from spotify containing the code after the user logs in; however, when I try to get the access and refresh tokens using the code I am getting an error. Here is my code: 

 

 

 

 

    const getToken = async (code, codeVerifier, clientId, redirectUri) => {      
        const payload = {
          method: 'POST',
          headers: {
            'Content-Type': 'application/x-www-form-urlencoded',
          },
          body: new URLSearchParams({
            client_id: clientId,
            grant_type: 'authorization_code',
            code,
            redirect_uri: redirectUri,
            code_verifier: codeVerifier,
          }),
        }
        const url = 'https://accounts.spotify.com/authorize';
        const body = await fetch(url, payload);
        console.log('body');
        console.log(body);
        const response = await body.json();
      
        console.log(response);
        return response;
      }ew URLSearchParams({

 

 

 

 

The code, codeVerifier, clientId, and redirectUri are all valid. The value of Body is 

 

 

 

 

{"_bodyBlob": {"_data": {"__collector": [Object], "blobId": "3193B7D6-CFDB-4C0E-9A11-AEDA95E29DF5", "name": "authorize.html", "offset": 0, "size": 891, "type": "text/html"}}, "_bodyInit": {"_data": {"__collector": [Object], "blobId": "3193B7D6-CFDB-4C0E-9A11-AEDA95E29DF5", "name": "authorize.html", "offset": 0, "size": 891, "type": "text/html"}}, "bodyUsed": false, "headers": {"map": {"alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"ze.html", "offset": 0, "size": 891, "type": "text/html"}}, "bodyUsed": false, "headers": {"map": {"alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000", "content-encoding": "gzip", "content-security-policy": "default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://content-access.spotifycdn.com data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.ingest.sentry.io/;", "content-type": "text/html; charset=utf-8", "date": "Tue, 20 Feb 2024 04:32:11 GMT", "server": "envoy", "sp-trace-id": "093cd900b7bc78e3", "strict-transport-security": "max-age=31536000", "vary": "Accept-Encoding", "via": "HTTP/2 edgeproxy, 1.1 google", "x-content-security-policy": "default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://content-access.spotifycdn.com data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.ingest.sentry.io/;", "x-content-type-options": "nosniff", "x-envoy-upstream-service-time": "11"}}, "ok": false, "status": 405, "statusText": "", "type": "default", "url": "https://accounts.spotify.com/authorize"}

 

 

 

 

 At the bottom status is set to 405, in Spotify's documentation it says that it will be 200 if the request worked. I am not sure what would cause this error and I am wondering if anyone has any ideas. Thanks

Reply
2 Replies

Facing the same issue, did you find a way out?

Unfortunately ended up having to do it without the PKCE extension. That worked just fine but at the cost of a less secure application. Our project was simply a school project so that was fine for us.

Suggested posts