Help Wizard

Step 1


Getting error=invalid_scope when we authenticate with the Spotify app

Getting error=invalid_scope when we authenticate with the Spotify app







iPhone 11 Pro

Operating System



My Question or Issue


We are authenticating with the Spotify app but get the following URL callback:




This only started happening today, one day after we got our quota extension approved.


Before, it was working fine. Before we had the quota extension, we were working with specific accounts (from Users and Access) that were approved.


For what it's worth here are the scopes we are using, although this error also happens even when I pass in an empty array for scopes (i.e. no scopes)!


Current scopes: 

"user-read-private", "playlist-modify-public", "playlist-read-private", "playlist-modify-private", "user-follow-read", "user-library-modify", "user-library-read", "user-top-read"


I have deleted our app (Smores) from my device, I have deleted Spotify from the device, I've removed Smores from my Account (under Apps) etc. I think I ensured I'm starting with a clean slate.


Looking forward to your thoughts.



5 Replies

Fwiw this is a blocker for us since we can’t even test the app anymore.

We've reviewed this and according to the logs your client id is requesting two additional scopes: user-read-email and app-remote-control.


If you're using the iOS SDK you always need the app-remote-control scope.


You can submit a scope extension request via the Developer Dashboard to get the scopes added to your app.

Quick update: We pulled logs from the 10th to today, and your extension request was approved on the 13th. So it's likely just the app-remote-control scope causing the issue.

Appreciate the reply – indeed it looks like adding app-remote-control fixed it. We've requested an extension to get that permission too.


user-read-email was just to see what happens when we ask for more scopes.


Thanks again!


P.S. Maybe there's a way to have the Spotify library return the missing scope? Now that you mention it, it's clear, but it would have saved 3 days if Spotify could have called us back with just `?missing_scope=app-remote-control` or something like that. Either way, thanks for the reply!

Suggested posts