Authentication API failing in production right now


Re: Authentication API failing in production right now

Spotify Legend

Is this resolved now or do you still experience issues during the auth_code exchange?


Re: Authentication API failing in production right now

Music Fan

Hey, it seems to be working now! Any idea what the issue was?


Re: Authentication API failing in production right now

Regular
It is working for me now as well. I would also like to know what changed.

Re: Authentication API failing in production right now

Spotify Legend

What library are you using for the authorization_code flow?

Is it https://github.com/FormidableLabs/react-native-app-auth/ ?


Re: Authentication API failing in production right now

Regular
Yes that is the one I am using

Re: Authentication API failing in production right now

Spotify Legend

Thanks. I suspect that this library (still investigating) doesn't fully follow the PKCE spec [1].

Would it be possible to share the exact query params you are passing to the /authorize endpoint?

And also what (post) params you are setting (skip client secret of course) when calling the api/token?grant_type=?authorization_code

Having a concrete example (that used to fail but is working now) might help here.

[1] https://tools.ietf.org/html/rfc7636


Re: Authentication API failing in production right now

Regular
This is what the library is sending to /authorize

https://accounts.spotify.com/authorize?nonce=******&response_type=code&code_challenge_method=S256&sc...

For the api/token endpoint, I am using the same code as the glitch app.
spotifyApi.authorizationGrantCode(code)

Let me know if you need any more details.

Re: Authentication API failing in production right now

Spotify Legend

Ok, that explains a lot.

The first call (the /authorize call), where you obtain the auth code is using the PKCE extension grant_type because you are supplying the code_challenge and code_challenge_method PKCE query parameters. I can't find any documentation on https://developer.spotify.com/documentation/general/guides/authorization-guide/ that mentions PKCE.

Then in the second call you are not doing it according to the PKCE spec afaict from

https://github.com/thelinmichael/spotify-web-api-node/blob/2fcd60c30368255dab658b534b4229909ace5d43/...

I would recommend setting usePKCE (default true) (from https://github.com/FormidableLabs/react-native-app-auth/blob/197cf6fa4072f5de788ebee87741be4bd8aadbc...) to false.
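
The mismatch described in the reply above, as an added example that is not part of the thread and is not Spotify's or either library's code: a hypothetical in-memory authorization server (`ToyAuthServer`) that binds each auth code to the `code_challenge` sent to /authorize, as RFC 7636 specifies, so a token request without the matching `code_verifier` is rejected. All function names, the `reason` strings and the token value are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
// RFC 7636 section 4.1: code_verifier is 43-128 characters from the unreserved set.
const VERIFIER_RE = /^[A-Za-z0-9\-._~]{43,128}$/;
const createVerifier = () => crypto.randomBytes(32).toString('base64url'); // 43 chars

// RFC 7636 section 4.2: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
const s256Challenge = (verifier) =>
  crypto.createHash('sha256').update(verifier, 'ascii').digest('base64url');

// Hypothetical in-memory authorization server (an assumption, not Spotify's implementation).
class ToyAuthServer {
  constructor() { this.codes = new Map(); }
  authorize({ code_challenge, code_challenge_method } = {}) { // models /authorize
    const code = crypto.randomBytes(16).toString('hex');
    this.codes.set(code, { code_challenge, code_challenge_method });
    return code;
  }
  // Models the token endpoint: a code issued with a challenge needs the matching verifier.
  token({ code, code_verifier }) {
    const grant = this.codes.get(code);
    this.codes.delete(code); // authorization codes are single use
    if (!grant) return { error: 'invalid_grant', reason: 'unknown or reused code' };
    if (grant.code_challenge === undefined) return { access_token: 'constructed-token' };
    if (grant.code_challenge_method !== 'S256') return { error: 'invalid_request', reason: 'unsupported method' };
    if (typeof code_verifier !== 'string' || !VERIFIER_RE.test(code_verifier)) {
      return { error: 'invalid_grant', reason: 'code_verifier missing or malformed' };
    }
    const expected = Buffer.from(grant.code_challenge);
    const actual = Buffer.from(s256Challenge(code_verifier));
    if (expected.length !== actual.length || !crypto.timingSafeEqual(expected, actual)) {
      return { error: 'invalid_grant', reason: 'code_verifier mismatch' };
    }
    return { access_token: 'constructed-token' };
  }
}

// Three token requests, each redeeming a fresh code obtained with the same S256 challenge.
function demo() {
  const server = new ToyAuthServer();
  const verifier = createVerifier();
  const params = { code_challenge: s256Challenge(verifier), code_challenge_method: 'S256' };
  const redeem = (extra) => server.token({ code: server.authorize(params), ...extra });
  return {
    withoutVerifier: redeem({}), // PKCE on /authorize, plain authorization_code on token
    wrongVerifier: redeem({ code_verifier: createVerifier() }),
    withVerifier: redeem({ code_verifier: verifier }),
  };
}
```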

 


Re: Authentication API failing in production right now

Regular
Thanks for confirming. I will try your recommendation.
But, why is it working now? Did something change?

Re: Authentication API failing in production right now

Music Fan

Everything works fine for me now too even though I changed nothing. Was this a Spotify problem or can I change anything backstage to prevent it from happening again?

I'm using the Expo client to obtain the code and then the Axios JavaScript library to obtain my token.
