Central OAuth2.0 Authorization on the Backend-Side using PHP and curl

I am creating an application which aims at automatically creating Spotify Playlists in a central Spotify account (not the account of the end users).

On the backend side I am using PHP to authorize this central user, and it is working as long as I am logged in myself with that account.

Users that visit my website should be able to create playlists via that interface through the Spotify Web API without the need to authorize their account or be logged in at all.

Is it somehow possible to perform this authorization process only on the backend side without the need for the user to authorize it?

Eventually, I want to send the playlist link from the central account back to the user who can open it in their own app, if they want to.

I am trying to avoid requiring multiple users to authorize my app, since I'm not trying to access personal information from their account.

I used the 3-step process for authorization as described in this Stack Overflow post: https://stackoverflow.com/questions/65866625/spotify-oauth2-with-php-curl-how-to-get-authorization-c...

If necessary, I will provide more information.

Accepted Solutions

Yes, it is possible. When you let the central Spotify account log in to your app, you'll get an access_token (that will expire in 1 hour) and a refresh_token. When the access_token of that account expires, let your server send a POST request to the Accounts service /api/token endpoint, but use the refresh_token in place of the access_token. A new access_token will be returned. A new refresh_token might be returned too. You can read more about it here.
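
One way to implement the server-side refresh described in the answer above, as an added example that is not part of the original thread. The environment variable names, the token file layout and the function names are assumptions; the code expects the central account to have been authorized once so that a refresh_token is already stored outside the web root.

```php
<?php
// Added example: refresh the central account's access token on the server.
// Env var names and the token file format are assumptions, not from the thread.
const TOKEN_URL = 'https://accounts.spotify.com/api/token';

function loadTokens(string $file): array {
    $tokens = json_decode((string) @file_get_contents($file), true);
    if (!is_array($tokens) || empty($tokens['refresh_token'])) {
        throw new RuntimeException('No stored refresh_token; authorize the central account once.');
    }
    return $tokens;
}

function refreshAccessToken(array $tokens, string $clientId, string $clientSecret): array {
    $ch = curl_init(TOKEN_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
        // The client secret stays on the server; it is sent only to the Accounts service.
        CURLOPT_HTTPHEADER     => ['Authorization: Basic ' . base64_encode("$clientId:$clientSecret")],
        CURLOPT_POSTFIELDS     => http_build_query([
            'grant_type'    => 'refresh_token',
            'refresh_token' => $tokens['refresh_token'],
        ]),
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $data   = is_string($body) ? json_decode($body, true) : null;
    if ($status !== 200 || !is_array($data) || empty($data['access_token'])) {
        throw new RuntimeException("Token refresh failed (HTTP $status)"); // do not log the body
    }
    return [
        'access_token'  => $data['access_token'],
        // A new refresh_token is optional in the response; keep the old one if absent.
        'refresh_token' => $data['refresh_token'] ?? $tokens['refresh_token'],
        'expires_at'    => time() + (int) ($data['expires_in'] ?? 3600) - 60,
    ];
}

function getAccessToken(string $file): string {
    $tokens = loadTokens($file);
    if (($tokens['expires_at'] ?? 0) <= time()) {
        $tokens = refreshAccessToken($tokens, (string) getenv('SPOTIFY_CLIENT_ID'),
                                     (string) getenv('SPOTIFY_CLIENT_SECRET'));
        $old = umask(0077); // a newly created token file is readable by the owner only
        file_put_contents($file, json_encode($tokens), LOCK_EX);
        umask($old);
    }
    return $tokens['access_token'];
}
```

Only the resulting playlist link should be returned to site visitors; the access_token, refresh_token and client secret never need to reach the browser.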
