Authentication API failing in production right now


Re: Authentication API failing in production right now

Regular
I changed usePKCE to false and it still works so I will keep that setting to conform to the Spotify spec. Thanks for the help.

Re: Authentication API failing in production right now

Casual Listener


https://accounts.spotify.com/authorize
  ?code_challenge=<some random challenge>
  &code_challenge_method=S256
  &redirect_uri=http%3A%2F%2Flocalhost%3A19006
  &client_id=<client id>
  &response_type=code
  &state=<random state>
  &scope=user-read-email%20user-read-private

The problem was the same as someone else mentioned: PKCE was inadvertently on; it has started working now!


Re: Authentication API failing in production right now

Music Fan
So if it works now, we don't need to change anything to prevent it from happening again, right?

Re: Authentication API failing in production right now

Spotify

Thanks for sharing details, @ankerbachryhl @SleeplessByte @rohitganapathy @rogerchang1. We made an update to our authentication endpoints on Wednesday. The change was reversed on Friday.

 

We plan to re-introduce Wednesday's code change again later this week with a clearer error message. If your app uses the authorization code flow then please make sure that, when redirecting users to the /authorize endpoint, your app only uses query parameters that are documented in Spotify's OAuth guide. Adding extra query parameters (e.g. code_challenge or code_challenge_method) could cause your app to have compatibility problems again starting on Thursday. 

 

I hope this helps to clear things up - if you have any questions, feel free to ask them here in the thread 🙂


Re: Authentication API failing in production right now

Music Fan

Hey @spotifyjosh

Thank you for a heads up. I must admit this worries me since I have never used the authorization flow any other way than documented in your official docs. I also received an error message on the /api/token endpoint and it seems like you only mention changes in the /authorize endpoint? 

Is there any way that I could test my app with the newest endpoints before an official release? Since I would be very happy to avoid my app breaking in production again. I hope this is understandable. 

Best regards,

Anker


Re: Authentication API failing in production right now

Spotify

Hi @ankerbachryhl,

 

I would suggest testing your app's installation flow as a new user and stopping after you are redirected to accounts.spotify.com/authorize. Take a look at the query parameters in the URL. You should see client_id, response_type, redirect_uri, and possibly state, scope, and/or show_dialog as described in the OAuth guide. 


If there are extra query parameters in the URL (for example code_challenge) then, starting on Thursday, you could receive an error when your app tries to exchange the resulting code for an access token. Hope this helps!
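
The check described in the reply above, as an added example (not part of the original thread and not Spotify's code): it parses an /authorize URL and reports any query parameter outside the set the reply lists. The function name `auditAuthorizeUrl` and both sample URLs are constructed for illustration.

```javascript
// Added example, not from the thread. Parameter names are the ones listed in
// the Spotify reply above; the function name and sample URLs are constructed.
const REQUIRED = ["client_id", "response_type", "redirect_uri"];
const OPTIONAL = ["state", "scope", "show_dialog"];

function auditAuthorizeUrl(rawUrl) {
  const url = new URL(rawUrl);
  const allowed = new Set([...REQUIRED, ...OPTIONAL]);
  // De-duplicate names so a repeated parameter is reported once.
  const names = [...new Set(url.searchParams.keys())];
  const report = {
    endpointOk:
      url.hostname === "accounts.spotify.com" && url.pathname === "/authorize",
    missing: REQUIRED.filter((n) => !url.searchParams.get(n)),
    unexpected: names.filter((n) => !allowed.has(n)),
    duplicated: names.filter((n) => url.searchParams.getAll(n).length > 1),
  };
  report.ok =
    report.endpointOk &&
    report.missing.length === 0 &&
    report.unexpected.length === 0 &&
    report.duplicated.length === 0;
  return report;
}

// Constructed sample: same shape as the URL posted earlier in the thread.
const withPkce =
  "https://accounts.spotify.com/authorize" +
  "?code_challenge=CONSTRUCTED_CHALLENGE" +
  "&code_challenge_method=S256" +
  "&redirect_uri=http%3A%2F%2Flocalhost%3A19006" +
  "&client_id=CONSTRUCTED_CLIENT_ID" +
  "&response_type=code" +
  "&state=CONSTRUCTED_STATE" +
  "&scope=user-read-email%20user-read-private";

// Constructed sample: only the parameters the reply lists.
const documentedOnly =
  "https://accounts.spotify.com/authorize" +
  "?client_id=CONSTRUCTED_CLIENT_ID&response_type=code" +
  "&redirect_uri=http%3A%2F%2Flocalhost%3A19006&state=CONSTRUCTED_STATE";

console.log(auditAuthorizeUrl(withPkce));
console.log(auditAuthorizeUrl(documentedOnly));
```

Running this against the URL your app actually redirects to, for example in a CI step, flags an auth library that starts adding parameters after an upgrade or a default change.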


Re: Authentication API failing in production right now

Music Fan

Is the new update released now?
