Central OAuth2.0 Authorization on the Backend-Side using PHP and curl


I am creating an application which aims at automatically creating Spotify Playlists in a central Spotify account (not the account of the end users).

 

On the backend side I am using PHP to authorize this central user, and it is working as long as I am logged in myself with that account.

 

Users who visit my website should be able to create playlists via that interface through the Spotify Web API without needing to authorize their account or be logged in at all.

 

Is it somehow possible to perform this authorization process only on the backend side without the need for the user to authorize it?

 

Eventually, I want to send the playlist link from the central account back to the user who can open it in their own app, if they want to.

 

I am trying to avoid having multiple users authorize my app, since I'm not trying to access personal information from their accounts.

 

I used the 3-step process for authorization as described in this Stack Overflow post: https://stackoverflow.com/questions/65866625/spotify-oauth2-with-php-curl-how-to-get-authorization-c...


If necessary, I will provide more information.


Accepted Solutions

Yes, it is possible. When you let the central Spotify account log in to your app, you'll get an access_token (that will expire in 1 hour) and a refresh_token. When the access_token of that account expires, let your server send a POST request to the Accounts service /api/token endpoint, but use the refresh_token in place of the access_token. A new access_token will be returned. A new refresh_token might be returned too. You can read more about it here.

Ximzend (Spotify Star)
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.
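
The refresh flow described in the answer above, as an added PHP/curl example that is not part of the original post. The environment variable names and the token file path are hypothetical; the token file is assumed to already hold the refresh_token obtained when the central account first logged in.

```php
<?php
// Added example: server-side token refresh for one central account.
// Assumed names: SPOTIFY_CLIENT_ID / SPOTIFY_CLIENT_SECRET env vars, TOKEN_FILE path.
const TOKEN_FILE = '/var/lib/myapp/spotify_tokens.json'; // keep outside the web root

function getAccessToken(): string
{
    $tokens = json_decode(file_get_contents(TOKEN_FILE), true, 16, JSON_THROW_ON_ERROR);

    // Reuse the cached access token until shortly before it expires.
    if (($tokens['expires_at'] ?? 0) > time() + 60) {
        return $tokens['access_token'];
    }

    $ch = curl_init('https://accounts.spotify.com/api/token');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
        // Client credentials travel as HTTP Basic auth, never in a URL or page output.
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
        CURLOPT_USERPWD        => getenv('SPOTIFY_CLIENT_ID') . ':' . getenv('SPOTIFY_CLIENT_SECRET'),
        CURLOPT_POSTFIELDS     => http_build_query([
            'grant_type'    => 'refresh_token',
            'refresh_token' => $tokens['refresh_token'],
        ]),
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);

    if ($body === false || $status !== 200) {
        // Report the status only; the response body may contain token material.
        throw new RuntimeException("Token refresh failed (HTTP $status)");
    }
    $new = json_decode($body, true, 16, JSON_THROW_ON_ERROR);

    // Keep the stored refresh token unless the response carries a new one.
    $tokens = [
        'access_token'  => $new['access_token'],
        'refresh_token' => $new['refresh_token'] ?? $tokens['refresh_token'],
        'expires_at'    => time() + (int) $new['expires_in'],
    ];
    // Write atomically, readable by the service account only.
    $tmp = TOKEN_FILE . '.tmp';
    file_put_contents($tmp, json_encode($tokens), LOCK_EX);
    chmod($tmp, 0600);
    rename($tmp, TOKEN_FILE);

    return $tokens['access_token'];
}
```

Only the backend calls this function; visitors receive the finished playlist link and never see the access token, refresh token or client secret.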

