Type in your question below and we'll check to see what answers we can find...
Loading article...
Submitting...
If you couldn't find any answers in the previous step then we need to post your question in the community and wait for someone to respond. You'll be notified when that happens.
Simply add some detail to your question and refine the title if needed, choose the relevant category, then post.
Before we can post your question we need you to quickly make an account (or sign in if you already have one).
Don't worry - it's quick and painless! Just click below, and once you're logged in we'll bring you right back here and post your question. We'll remember what you've already typed in so you won't have to do it again.
I want to play tracks for a user from a stand-alone application on a Windows computer. This application is written in Java. There doesn't appear to be a way to do the Authorization Code Flow for a user for this configuration. It looks like that can only be done from content hosted in a browser. Is that correct?
I can do the Client Credentials Flow but that does not authenticate a user and hence I cannot play a track for the user with that.
Plan
Premium
Country
US
Device
Laptop
Operating System
Windows 10
Solved! Go to Solution.
If I understand correctly, in response to the first API request, a browser is needed to display scopes and allow users to authorize the app. Subsequently, using what you suggest, the remaining steps (receiving the code, requesting tokens) can be done in the standalone app.
Yes, this is correct.
Is the browser requirement due to security?
Yes. Your app shouldn't have access to the Spotify user's username and password, so they need to login to their account in the browser. This process only needs to be done once. After that, you can refresh the access token as many times as you want.
You can implement the authorization code flow from any application. You will need to open the authorization URL in the browser, but you can register a custom URL scheme for your Windows application (you'll have to do your own research on how to do this) so that Spotify redirects to your application after the user accepts your authorization request.
Thanks. If I understand correctly, in response to the first API request, a browser is needed to display scopes and allow users to authorize the app. Subsequently, using what you suggest, the remaining steps (receiving the code, requesting tokens) can be done in the standalone app. This helps improve the user experience, but it is still not seamless. Ideally, the app would request authorization and the user would authorize from within the app without switching to a browser.
Is the browser requirement due to security? I am a newbie when it comes to security... can anyone provide insight on if that is the case and why?
If I understand correctly, in response to the first API request, a browser is needed to display scopes and allow users to authorize the app. Subsequently, using what you suggest, the remaining steps (receiving the code, requesting tokens) can be done in the standalone app.
Yes, this is correct.
Is the browser requirement due to security?
Yes. Your app shouldn't have access to the Spotify user's username and password, so they need to login to their account in the browser. This process only needs to be done once. After that, you can refresh the access token as many times as you want.
Got it. Thanks.
Hey there you, Yeah, you! 😁 Welcome - we're glad you joined the Spotify Community! While you here, let's have a fun game and get…