Authentication API failing in production right now


ankerbachryhl
Music Fan

Hey Spotify,

I'm using your authentication API to register all my users and everything worked fine since yesterday. I just launched a big ad campaign and suddenly no new users or current ones can sign in and all the API returns are: 400 - 'invalid_request' without any error description or ENOTFOUND accounts.spotify.com. This happens when I'm requesting the authorization_code via: https://accounts.spotify.com/api/token.

 

But as I said everything worked fine since yesterday.

What is wrong?

 

I sincerely hope you can help me out. I'm losing users by the minute.

Regards,

Anker

40 Replies

Erik_thomas
Visitor
I'm experiencing the exact same issue right now. This is very troublesome and it's costing me a lot of users. What is happening?

rohitganapathy
Gig Goer

Me too. I'm getting an authorisation code but not able to swap it for an access token. What is the response you guys see? Is it similar to this =>

 {'error': 'invalid_request', 'error_description': ''}

ankerbachryhl
Music Fan
Yes exactly. That or ENOTFOUND accounts.spotify.com. Both are happening for me. It must be a problem on Spotify's end since it worked fine up until today.

rohitganapathy
Gig Goer

@Spotify you are a brilliant company, with an amazing bunch of dev friendly APIs but please fix this asap coz we be crapping our pants 😛

ankerbachryhl
Music Fan

@Spotify and @SpotifyJosh,

15 hours have gone by and still, nothing has happened. The error is still occurring and while I'm trending on the Danish App Store none of my new users can sign up nor sign in. This is catastrophic for my whole startup. I sincerely hope you can help get this resolved asap as I'm having an event in a couple of hours with 1000's of new users. Please help.

Regards,

Anker

spotifyjosh
Spotify

Hi @ankerbachryhl. Sorry to hear about the difficulty you have been having here. The OAuth endpoints are working normally, from what we can see. Are you receiving the ENOTFOUND error most often, or are you receiving the 400 series error more often? Is your app open source by chance?

ankerbachryhl
Music Fan

Hi @spotifyjosh

 

Thank you for your reply. I'm afraid my app is not open source, but I can provide a detailed description here.

 

Today I'm receiving the 400 error most often. I receive the error with the following response: { error: 'invalid_request', error_description: '' }

I'm only receiving the error when I try to call the https://accounts.spotify.com/api/token endpoint with the grant_type of "authorization_code". Every other web API call is working as usual and I'm able to receive the authorization code too. It's only when trying to get the token it fails. 

Here is my full call:

 

axios({
  url: "https://accounts.spotify.com/api/token",
  method: "post",
  crossDomain: true,
  params: {
    grant_type: "authorization_code",
    code: code,
    redirect_uri: redUrl,
    client_id: CLIENT_ID,
    client_secret: CLIENT_SECRET,
  },
  headers: {
    "Content-Type": "application/x-www-form-urlencoded",
  },
});

 

 And here is the error:

 

method: 'POST',
      path: '/api/token?grant_type=authorization_code&code=AQBi3r8CLkJfD7ZgLyKp17l1ltNcPlA_igKjMyvk0tovAMC3TquRyyWfTVE7EKv98sw2IshZHNldm_IKnIZwFA2nC6ZRA6SIXRV_HiZKV14pcOBhO-33gXQdo70zMYaL6-dkTGhnqgNR0Q2tKWI3bd8CH_8faWaOnK2FKheYrvHWUf3OpgxjxtEHg5B2OS4dXW7PopoicQJhEDCBEbBKExfJDT9KQcAG8PaGNUPLKQVtYhurXBuN_eDBSmWK3Ck1JBrRzIiUBnZPkj8kyi19yXVd1mYdghlBFXAqKot7tEM97ZBwmVxSnq9ESdHBdSEXZnJMgYuWZBz6oX_99auPK3KA0nn_pnMfZCc2DFex75DxemPXag7cfIsRlJCheDc064dm0PVJKtRyfV0ok6i7EaS46Fd_9x-8dIyjEmvG8GuxEEJ-DQ85X1I5JSwXlJgN5natsBX8IBFWQizj&redirect_uri=https:%2F%2Fauth.expo.io%2F@ankerbachryhl%2Fqueue-app&client_id=01f3050a33d549ac93e44ff41727ae1a&client_secret=d5785527ce0045559f50c0d335642964',
      _ended: true,
      res: [IncomingMessage],
      aborted: false,
      timeoutCb: null,
      upgradeOrConnect: false,
      parser: null,
      maxHeadersCount: null,
      _redirectable: [Writable],
      [Symbol(kNeedDrain)]: false,
      [Symbol(isCorked)]: false,
      [Symbol(kOutHeaders)]: [Object: null prototype]
    },
    data: { error: 'invalid_request', error_description: '' }
  },

 


As I said earlier everything was working fine up until 3pm yesterday where I received the 400 error for the first time. It has then failed since. I have not changed any code or done any server work. Hence why I believe it must be an error on the Spotify API OAuth side. 
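
In the call posted above the grant fields go through axios `params`, so the code and client secret end up in the URL, as the logged `path` shows; RFC 6749 places them in the form-encoded body and forbids client credentials in the request URI. An added example (not the poster's or Spotify's code) that builds the exchange that way and checks or redacts URLs carrying those fields; function names and sample values are constructed, and HTTP Basic client authentication is assumed.

```javascript
// Added example: not code from the thread. Helper names are hypothetical.
const TOKEN_URL = "https://accounts.spotify.com/api/token"; // endpoint named in the thread

// RFC 6749 token-request fields that must stay out of URLs (and therefore out of logs).
const SENSITIVE = ["code", "client_secret", "refresh_token", "code_verifier"];

// Build the authorization_code exchange: grant fields form-encoded in the body,
// client credentials in an HTTP Basic Authorization header (assumed to be accepted).
function buildTokenRequest({ code, redirectUri, clientId, clientSecret }) {
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: redirectUri,
  }).toString();
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  return {
    url: TOKEN_URL, // no query string
    method: "POST",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      Authorization: `Basic ${basic}`,
    },
    body,
  };
}

// Names of sensitive fields present in a request URL's query string.
function leakedInUrl(requestUrl) {
  const query = new URL(requestUrl).searchParams;
  return SENSITIVE.filter((name) => query.has(name));
}

// Mask sensitive query values in a logged path before sharing it in a ticket or forum.
function redactPath(path) {
  const u = new URL(path, "https://accounts.spotify.com");
  for (const name of SENSITIVE) {
    if (u.searchParams.has(name)) u.searchParams.set(name, "REDACTED");
  }
  return u.pathname + u.search;
}
```

The returned object can be handed to any HTTP client; with axios the `body` string goes in `data`, not `params`.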

ankerbachryhl
Music Fan

Hi @spotifyjosh

 

Thank you for your reply. I'm afraid my app is not open source, but I can provide a detailed description here. I can't include any code here though, since every time I try it gets marked as spam and my message gets deleted. So please provide an e-mail if you need my API calls.

 

Today I'm receiving the 400 error most often. I receive the error with the following response: { error: 'invalid_request', error_description: '' }

I'm only receiving the error when I try to call the https://accounts.spotify.com/api/token endpoint with the grant_type of "authorization_code". Every other web API call is working as usual and I'm able to receive the authorization code too. It's only when trying to get the token it fails. 

As I said earlier everything was working fine up until 3pm yesterday where I received the 400 error for the first time. It has then failed since. I have not changed any code or done any server work. Hence why I believe it must be an error on the Spotify API OAuth side. 

spotifyjosh
Spotify

I hear you - that sounds frustrating @ankerbachryhl. We have some open source code samples that use the authorization code flow. Have you tried remixing this Glitch sample app? It might be that you can compare this implementation with your app and find the problem that way.

rohitganapathy
Gig Goer

Hey @spotifyjosh. This seemed to be working perfectly until yesterday. Absolutely nothing has changed in the code from our end. We've checked everything: the client id, secret, scopes, urls. We also are able to get an authorisation code but token swap is failing. Also played around with different accounts but to no avail. I seem to be consistently getting the following error: {'error': 'invalid_request', 'error_description': ''}. What's peculiar is that there is no description. While we are not in the anxious predicament that @ankerbachryhl finds himself in, it is nonetheless frustrating since our dev work has been put on hold.

rogerchang1
Regular

I am experiencing the same thing since yesterday. We haven't changed anything either. After we get the code from the call to /authorize, I get the following when exchanging it for an access/refresh at /api/token.

 

{
    "error": "invalid_request",
    "error_description": ""
}

 

I can provide some cURLs if that will help with diagnosis.  

spotifyjosh
Spotify

Hey @rogerchang1 and @rohitganapathy. Are your apps open source? If so, you can link to them in the thread here and I'll take a look. You might also want to try the Glitch sample app that I linked to above. Let me know if this template is not working for you: https://glitch.com/~spotify-authorization-code

rohitganapathy
Gig Goer
Hey Josh. So I have another app hooked up to the same Spotify API App but linked to a different redirect uri and OAuth seems to be working perfectly fine there. The glitch app doesn't help because our code is the same for both these apps but it works with one and not the other. My app is not open source but I can get you the required screenshots and metadata you might need to investigate this? As mentioned earlier, I'm able to get an authorization code. So it basically boils down to the /token endpoint. Could this be a case of authorisation code being intercepted or something? Also do you have any idea why the error description is blank? Thanks for the reply. Stay safe and take care. Times are rough.

rohitganapathy
Gig Goer

I just tried creating another Spotify API App. Which means a new client ID and secret. Still getting the same error. In case that helps

rogerchang1
Regular
I tried the glitch app and it works there. However, my app is a react-native app with a redirect_uri back to the app. Another difference is I am using react-native-app-auth to authorize instead of calling spotifyApi.createAuthorizeUrl(). I've configured it similar to the second snippet where the tokenEndpoint points back to my server
https://github.com/FormidableLabs/react-native-app-auth/blob/master/docs/config-examples/spotify.md
Could it be possible that react-native-app-auth is passing different parameters to the spotify authorize url causing the code returned to not work?

rogerchang1
Regular
@spotifyjosh,
Actually, if I use the first configuration where I keep the secret in the app and set the tokenEndpoint to https://accounts.spotify.com/api/token, (like the first example here https://accounts.spotify.com/api/token) it works fine. I'm very puzzled. Is there any way to check the logs? I can give you whatever information is needed.

rohitganapathy
Gig Goer
hey my scenario is exactly the same! React native app + react native app auth hooked to a Django backend with the token swap happening on the Django server.

SleeplessByte
Casual Listener

Uhm.

 

Even the cURL example from the documentation (replaced with correct values) fails with the exact same nondescript error.

 

Specifically it's the token exchange that fails. 

 

 

spotifyjosh
Spotify

@rogerchang1 wrote:
Could it be possible that react-native-app-auth is passing different parameters to the spotify authorize url causing the code returned to not work?

Yes that could be the problem, @rogerchang1. Spotify does not support PKCE.  


@SleeplessByte, welcome to the forum. Which URL parameters did you include in the authorization request URI? 
