Announcements

Help Wizard

Step 1

NEXT STEP

Authorization Code Flow from stand-alone application

Solved!
Go to solution

Authorization Code Flow from stand-alone application

Avatar of umeshberry
Casual Listener
2022-09-29 01:28 AM

I want to play tracks for a user from a stand-alone application on a Windows computer. This application is written in Java. There doesn't appear to be a way to do the Authorization Code Flow for a user for this configuration. It looks like that can only be done from content hosted in a browser. Is that correct?

 

I can do the Client Credentials Flow but that does not authenticate a user and hence I cannot play a track for the user with that.

 

Plan

Premium

Country

US

Device

Laptop

Operating System

Windows 10

Reply

Accepted Solutions
Marked as solution

Avatar of Peter_Schorn
Roadie
2022-10-04 06:56 PM

If I understand correctly, in response to the first API request, a browser is needed to display scopes and allow users to authorize the app. Subsequently, using what you suggest, the remaining steps (receiving the code, requesting tokens) can be done in the standalone app.

Yes, this is correct.

 

Is the browser requirement due to security?

Yes. Your app shouldn't have access to the Spotify user's username and password, so they need to login to their account in the browser. This process only needs to be done once. After that, you can refresh the access token as many times as you want. 

View solution in original post

4 Replies

Avatar of Peter_Schorn
Roadie
2022-10-03 01:13 AM

You can implement the authorization code flow from any application. You will need to open the authorization URL in the browser, but you can register a custom URL scheme for your Windows application (you'll have to do your own research on how to do this) so that Spotify redirects to your application after the user accepts your authorization request.

Avatar of umeshberry
Casual Listener
2022-10-04 02:24 PM

Thanks. If I understand correctly, in response to the first API request, a browser is needed to display scopes and allow users to authorize the app. Subsequently, using what you suggest, the remaining steps (receiving the code, requesting tokens) can be done in the standalone app. This helps improve the user experience, but it is still not seamless. Ideally, the app would request authorization and the user would authorize from within the app without switching to a browser.

 

Is the browser requirement due to security? I am a newbie when it comes to security... can anyone provide insight on if that is the case and why?

0 Likes
Marked as solution

Avatar of Peter_Schorn
Roadie
2022-10-04 06:56 PM

If I understand correctly, in response to the first API request, a browser is needed to display scopes and allow users to authorize the app. Subsequently, using what you suggest, the remaining steps (receiving the code, requesting tokens) can be done in the standalone app.

Yes, this is correct.

 

Is the browser requirement due to security?

Yes. Your app shouldn't have access to the Spotify user's username and password, so they need to login to their account in the browser. This process only needs to be done once. After that, you can refresh the access token as many times as you want. 

Avatar of umeshberry
Casual Listener
2022-10-04 08:44 PM

Got it. Thanks.

0 Likes

Suggested posts

Let's introduce ourselves!

Hey there you,   Yeah, you! 😁   Welcome - we're glad you joined the Spotify Community!   While you here, let's have a fun game and get…

Staff
ModeratorStaff / Moderator/ 2 years ago in Social & Random
Read more