HP Elitebook 840 (Google Chrome)
My Question or Issue
When calling the /v1/me/playlists endpoint with postman using the access token received after authenticating with "Refreshable user authorization: Authorization Code Flow" (call this accessToken1), the user's created playlists are returned and whatever followed playlists that are set to public (instead of secret). ["user-read-private", has been added to the scope]
However, when trying the same out on the website:
https://developer.spotify.com/console/get-current-user-playlists/ where a new token is produced (accessToken2), it suddenly returns all followed playlists, even if they are set to "secret". Furthermore, when I use postman to make a call to /v1/me/playlists with accessToken2, it still returns all followed playlists. While when using accessToken1 on the website I get "Invalid access token".
It seems like when authorizing through the website, the access token returned has higher permissions than access tokens returned through the WebApi. Is this supposed to be the case, or am I missing something?
The natural thing, to me, would be that a user can fetch their own followed playlists regardless whether secret of public when calling the /v1/me/playlists endpoint, after all, these show up for the user when they log in to any of Spotify's apps. Is there noway to fetch all followed playlists?