Operating System
Windows 10
My Question or Issue
My app is currently in development mode. I'm using the client credentials OAuth flow. I've already set up my dashboard, registered my app, gotten my client id and client secret. I am trying to get my top track and display it on my personal website (React App), but I keep getting a 403 error when fetching /top/tracks. I am getting the proper token, and when I supply it statically to my method, I get the proper response (status code 200 with proper response), but when I try to dynamically assign the token to the function, (i.e. everytime a user visits my website, I generate a new OAuth token for them and use it), then I get the 403 error.
import React, { useState, useEffect } from 'react'
// omitted keys for privacy reasons
const clientId = ""
const clientSecret = ""
const getToken = async () => {
const res = await fetch('https://accounts.spotify.com/api/token', {
method: 'POST',
headers: {
'Authorization': 'Basic ' + btoa(clientId + ':' + clientSecret),
'Content-Type': 'application/x-www-form-urlencoded',
},
body: 'grant_type=client_credentials',
});
const data = await res.json();
return data.access_token;
};
const getMostRecentSong = async () => {
const token = await getToken();
console.log(token) // this log returns a valid token
const res = await fetch('https://api.spotify.com/v1/me/top/tracks', {
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${token}`,
},
});
console.log(res); // this log returns a response with error code 403
const data = await res.json();
return data.items
};
const App = () => {
const [data, setData] = useState([]);
useEffect(() => {
(async () => {
try {
const items = await getMostRecentSong();
setData(items);
} catch (error) {
console.error(error);
}
})();
}, []);
return (
...
)
}
// the response object I'm getting
Response {
type: 'cors',
url: 'https://api.spotify.com/v1/me/top/tracks',
redirected: false, status: 403, ok: false, …}
body: (...)
bodyUsed: true
headers: Headers {}
ok: false
redirected: false
status: 403
statusText: ""
type: "cors"
url: "https://api.spotify.com/v1/me/top/tracks"
}
I omitted the scope in my token fetch, because the docs mention that scope is not needed for tracks, since the playlists I want to fetch are all public anyways. Including a scope does not resolve the issue though.