I'm a bit baffled at the moment and hoping someone on the forum can point me in the right direction.
I've written and re-written this at least 10 times and I don't even know what to ask at this point. I've encountered so many strange issues, but I'll post the most recent one.
I have a user that has authenticated my application. The steps to granting that authentication are the same for everyone else that uses it (scopes are all identical). Every user works as expected except this particular user (this only started happening as of today; the user in question had previously worked without fail for over a year). This user now returns a 403 when pinging any of the Spotify endpoints (such as 'now-playing'). Now, that would seem like a simple bad token issue, right? Except I can regenerate their access token without issue. Pass their refresh token and it returns an appropriate Bearer token (I've tested this exact same process for every other user and they all can access the relevant endpoints). I've confirmed everything I can think of on their end (I've had them revoke access and re-authenticate, confirm their email is the same as what I have whitelisted and confirm they're still on a paid plan [just in case]) and still 403.
Now, if that was it ... maybe I'm just an **bleep**. But here's the rub. If I revoke this user's access via my dashboard (i.e., remove the whitelisted email) and then re-add them, that same process (passing refresh to get access, then use said access for a given endpoint) will work ONCE. That's right, everything works as expected ... once. Try it again, literal seconds later with the same exact access token that JUST worked? Back to 403. Request a new access token, still 403. Again, I repeated the SAME EXACT steps just described for every other user that has authenticated the app and none of them have this issue (i.e., I never return a 403).
Now, if that happened just the one time, again, maybe we can chalk it up to randomness / weirdness. But I can continuously revoke their whitelisted access and re-add them and it will without fail work one time and then go back to 403 until I revoke them again.
So ya, any help would be appreciated.