Announcements

Help Wizard

Step 1

NEXT STEP

Authorization with permanent username and pw

Authorization with permanent username and pw

Avatar of mashmia
Music Fan
2023-04-04 12:47 AM

I am building a playlist curation app using the API. Currently, I use the oauth workflow.

 

However, for my use case, it does not matter who the literal user is. My users can make playlists on my personal account, for all I care. I would use the 'implicit grant' auth flow, but I need to have a list of permissions.

 

How can I authorize other users to curate playlists in my Spotify account?

 

Here is a snippet.

 

 

un='musicfan'
pw='<>**bleep**('/login')
def login():
    state = generate_random_string(16)
    scope = "user-follow-read,user-modify-playback-state,playlist-read-private,playlist-modify-private,user-library-read"
    return redirect('https://accounts.spotify.com/authorize?' +
            urlencode({
                'response_type': 'code',
                'client_id': client_id,
                'scope': scope,
                'redirect_uri': redirect_uri,
                'state': state
            }))

 

 

 

0 Likes
Reply
5 Replies

Avatar of Ximzend
Roadie
2023-04-04 06:47 PM

It can't be done with a Authorization Token and a Refresh Token, that you'll need to generate using the Authorization Code Flow.

You'll need to create a page that sends you to the Spotify app authorization page, and prints out those tokens. You'll need to store these tokens on your server, so that your server side script can use them.

When the Authorization Token is expired, the token can be refreshed with the Refresh Token. When the Refresh Token is expired, you'll also get a new one of those. Store the new token(s) in the place of the old once.

0 Likes

Avatar of mashmia
Music Fan
2023-04-17 09:35 PM

Thank you, I'm currently using the Authorization Code Flow. This redirects my user to login and give my app permissions. The issue with this is that I don't need to access their information or make changes in their account. 

 

I want them to be able to mess around in my account.

0 Likes

Avatar of Ximzend
Roadie
2023-04-18 07:29 AM

 The next step is to let your app print out the Access Token and a Refresh Token. Your app needs those tokens to make changes on behave of you.

You can read how to refresh an Access Token at the same page.

(If everything works, you can archive the login page you've used to get the tokens.)

0 Likes

Avatar of mashmia
Music Fan
2023-04-20 11:27 AM

According to your example, the end-user still needs to login and authorize Spotify. Correct?

0 Likes

Avatar of Ximzend
Roadie
2023-04-20 11:39 AM

The owner of the playlists needs to log in once to get the required tokens.

0 Likes

Suggested posts

Let's introduce ourselves!

Hey there you,   Yeah, you! 😁   Welcome - we're glad you joined the Spotify Community!   While you here, let's have a fun game and get…

Staff
ModeratorStaff / Moderator/ 2 years ago in Social & Random
Read more