Need help? Check out Spotify Answers for solutions to a wide range of topics.
Is this resolved now or do you still experience issues during the auth_code exchange?
Hey it seems to be working now! any idea what the issue was?
what library are you using for the authorization_code flow?
is it https://github.com/FormidableLabs/react-native-app-auth/ ?
Thanks. I suspect that this library (still investigating) doesn't fully follow the PKCE spec .
Would it be possible to share the exact query params you are passing to the /authorize endpoint?
And also what (post) params you are setting (skip client secret of course) when calling the api/token?grant_type=?authorization_code
Having a concrete example (that used to fail but is working now) might help here.
Ok, that explain a lot.
The first call (the /authorize call), where you obtain the auth code is using the PKCE extension grant_type because you are supplying the code_challenge and code_challenge_method pkce query parameters. I can't find any documentation on https://developer.spotify.com/documentation/general/guides/authorization-guide/ that mentions PKCE.
Then in the second call you are not doing it according to the PKCE spec afaict from
I would recommend to set the usePKCE (default true) (from https://github.com/FormidableLabs/react-native-app-auth/blob/197cf6fa4072f5de788ebee87741be4bd8aadbc...) to false.
Everything works fine for me now too even though I changed nothing. Was this a Spotify problem or can I change anything backstage to prevent it from happening again?