Type in your question below and we'll check to see what answers we can find...
Loading article...
Submitting...
If you couldn't find any answers in the previous step then we need to post your question in the community and wait for someone to respond. You'll be notified when that happens.
Simply add some detail to your question and refine the title if needed, choose the relevant category, then post.
Before we can post your question we need you to quickly make an account (or sign in if you already have one).
Don't worry - it's quick and painless! Just click below, and once you're logged in we'll bring you right back here and post your question. We'll remember what you've already typed in so you won't have to do it again.
Please see below the most popular frequently asked questions.
Loading article...
Loading faqs...
Please see below the current ongoing issues which are under investigation.
Loading issue...
Loading ongoing issues...
Hey Spotify,
I'm using your authentication api to register all my users and everything worked fine since yesterday. I just launced a big ad campaign and suddenly no new users or current ones can sign in and all the api returns are: 400 - 'invalid_request' without any error description or ENOTFOUND accounts.spotify.com. This happens when I'm requesting the authorization_code via: https://accounts.spotify.com/api/token.
But as I said everything worked fine since yesterday.
What is wrong?
I sincerely hope you can help me out. I'm losing users by the minute.
Regards,
Anker
To be extra clear, I mean which query parameter keys does your app include after https://accounts.spotify.com/authorize? For example: show_dialog, scope 🙂
Is this resolved now or do you still experience issues during the auth_code exchange?
Hey it seems to be working now! any idea what the issue was?
what library are you using for the authorization_code flow?
is it https://github.com/FormidableLabs/react-native-app-auth/ ?
Thanks. I suspect that this library (still investigating) doesn't fully follow the PKCE spec [1].
Would it be possible to share the exact query params you are passing to the /authorize endpoint?
And also what (post) params you are setting (skip client secret of course) when calling the api/token?grant_type=?authorization_code
Having a concrete example (that used to fail but is working now) might help here.
Ok, that explain a lot.
The first call (the /authorize call), where you obtain the auth code is using the PKCE extension grant_type because you are supplying the code_challenge and code_challenge_method pkce query parameters. I can't find any documentation on https://developer.spotify.com/documentation/general/guides/authorization-guide/ that mentions PKCE.
Then in the second call you are not doing it according to the PKCE spec afaict from
I would recommend to set the usePKCE (default true) (from https://github.com/FormidableLabs/react-native-app-auth/blob/197cf6fa4072f5de788ebee87741be4bd8aadbc...) to false.
Everything works fine for me now too even though I changed nothing. Was this a Spotify problem or can I change anything backstage to prevent it from happening again?
I'm using expo client to obtain the code and then Axios javascript library to obtain my token.
https://accounts.spotify.com/authorize
?code_challenge=<some random challenge>
&code_challenge_method=S256
&redirect_uri=http%3A%2F%2Flocalhost%3A19006
&client_id=<client id>
&response_type=code
&state=<random state>
&scope=user-read-email%20user-read-private
The problem was the same as someone else mentioned: PKCE was inadvertently on; it has started working now!
Thanks for sharing details, @ankerbachryhl @SleeplessByte @rohitganapathy @rogerchang1. We made an update to our authentication endpoints on Wednesday. The change was reversed on Friday.
We plan to re-introduce Wednesday's code change again later this week with a clearer error message. If your app uses the authorization code flow then please make sure that, when redirecting users to the /authorize endpoint, your app only uses query parameters that are documented in Spotify's OAuth guide. Adding extra query parameters (e.g. code_challenge or code_challenge_method) could cause your app to have compatibility problems again starting on Thursday.
I hope this helps to clear things up - if you have any questions, feel free to ask them here in the thread 🙂
Hey @spotifyjosh
Thank you for a heads up. I must admit this worries me since I have never used the authorization flow any other way than documented in your official docs. I also received an error message on the /api/token endpoint and it seems like you only mention changes in the /authorize endpoint?
Is there any way that I could test my app with the newest endpoints before an official release? Since I would be very happy to avoid my app breaking in production again. I hope this is understandable.
Best regards,
Anker
Hi @ankerbachryhl,
I would suggest testing your app's installation flow as a new user and stopping after you are redirected to accounts.spotify.com/authorize. Take a look at the query parameters in the URL. You should see client_id, response_type, redirect_uri, and possibly state, scope, and/or show_dialog as described in the OAuth guide.
If there are extra query parameters in the URL (for example code_challenge) then, starting on Thursday, you could receive an error when your app tries to exchange the resulting code for an access token. Hope this helps!
Is the new update released now?
@ankerbachryhl wrote:
Is the new update released now?
Hi @ankerbachryhl, yes. Spotify's OAuth system was updated late last week.
Hi @spotifyjosh
I'm glad. My app is still working then with the newly updated API and the regular Spotify login flow.
I do still have users reporting issues when using Facebook in the Spotify OAuth flow. This has also only really happened after the API update.
Is this a known issue?
Best regards,
Anker
Hey there you, Yeah, you! 😁 Welcome - we're glad you joined the Spotify Community! While you here, let's have a fun game and get…