
Authorization with permanent username and pw

I am building a playlist curation app using the API. Currently, I use the oauth workflow.


However, for my use case, it does not matter who the literal user is. My users can make playlists on my personal account, for all I care. I would use the 'implicit grant' auth flow, but I need to have a list of permissions.


How can I authorize other users to curate playlists in my Spotify account?


Here is a snippet.



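from urllib.parse import urlencode

def login():
    # Random value echoed back by the authorization server on the callback
    state = generate_random_string(16)
    scope = "user-follow-read,user-modify-playback-state,playlist-read-private,playlist-modify-private,user-library-read"
    # Encode the authorization request parameters as a query string
    return redirect('' + urlencode({
        'response_type': 'code',
        'client_id': client_id,
        'scope': scope,
        'redirect_uri': redirect_uri,
        'state': state
    }))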




5 Replies

It can't be done with an Authorization Token and a Refresh Token, that you'll need to generate using the Authorization Code Flow.

You'll need to create a page that sends you to the Spotify app authorization page, and prints out those tokens. You'll need to store these tokens on your server, so that your server side script can use them.

When the Authorization Token is expired, the token can be refreshed with the Refresh Token. When the Refresh Token is expired, you'll also get a new one of those. Store the new token(s) in the place of the old ones.

Thank you, I'm currently using the Authorization Code Flow. This redirects my user to log in and give my app permissions. The issue with this is that I don't need to access their information or make changes in their account.


I want them to be able to mess around in my account.

The next step is to let your app print out the Access Token and a Refresh Token. Your app needs those tokens to make changes on behalf of you.

You can read how to refresh an Access Token at the same page.

(If everything works, you can archive the login page you've used to get the tokens.)

According to your example, the end-user still needs to log in and authorize Spotify. Correct?

The owner of the playlists needs to log in once to get the required tokens.
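The server-side token handling described in the replies above, as an added example that is not code from the thread or from Spotify: the owner's tokens stay in a file only the server can read, the access token is refreshed when it expires, and the stored refresh token is replaced only when the reply carries a new one. The class name OwnerTokenStore, the JSON file layout and the injectable post/clock parameters are assumptions for illustration; the token endpoint is the Spotify Accounts service endpoint.

```python
import base64, json, os, time, urllib.parse, urllib.request

TOKEN_URL = "https://accounts.spotify.com/api/token"

def post_form(url, fields, headers):
    """Default transport: POST form fields and return the decoded JSON reply."""
    req = urllib.request.Request(url, urllib.parse.urlencode(fields).encode(), headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class OwnerTokenStore:
    """Hypothetical store for the playlist owner's tokens; they never reach end users."""

    def __init__(self, path, client_id, client_secret, post=post_form, clock=time.time):
        self.path, self.post, self.clock = path, post, clock
        basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        self.headers = {"Authorization": "Basic " + basic,
                        "Content-Type": "application/x-www-form-urlencoded"}

    def _load(self):
        with open(self.path) as fh:
            return json.load(fh)

    def _save(self, tokens):
        # Write a 0600 temp file, then rename, so a crash cannot truncate the store.
        tmp = self.path + ".tmp"
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            json.dump(tokens, fh)
        os.replace(tmp, self.path)

    def access_token(self):
        tokens = self._load()
        # Reuse the cached token until 60 seconds before it expires.
        if tokens.get("expires_at", 0) - 60 > self.clock():
            return tokens["access_token"]
        reply = self.post(TOKEN_URL, {"grant_type": "refresh_token",
                                      "refresh_token": tokens["refresh_token"]}, self.headers)
        tokens["access_token"] = reply["access_token"]
        tokens["expires_at"] = self.clock() + reply["expires_in"]
        # Keep the old refresh token unless the reply carries a replacement.
        tokens["refresh_token"] = reply.get("refresh_token", tokens["refresh_token"])
        self._save(tokens)
        return tokens["access_token"]
```

Every visitor routed through this store acts with the owner's granted scopes, so the scope list requested at the one-time login bounds what any of them can do.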
