Type in your question below and we'll check to see what answers we can find...
Loading article...
Submitting...
If you couldn't find any answers in the previous step then we need to post your question in the community and wait for someone to respond. You'll be notified when that happens.
Simply add some detail to your question and refine the title if needed, choose the relevant category, then post.
Before we can post your question we need you to quickly make an account (or sign in if you already have one).
Don't worry - it's quick and painless! Just click below, and once you're logged in we'll bring you right back here and post your question. We'll remember what you've already typed in so you won't have to do it again.
I'm looking at creating a mod for a game which will allow users to control their local desktop Spotify app (as in the official one by spotify) using controls inside the game (note that I will not be streaming the audio into the game itself).
In order to authenticate the user I can't use an ingame way to display the login page because there's not really any feasible way to display a working secure web browser within the game. So my plan is to create an install script that authenticates the user using the Authorization Code Flow method which will be able to spawn a browser and perform the authentication.
I have a few issues that I wanted to clarify because I don't want to break ToS if I can avoid it so any clarification would be appreciated:
1) Since this will be client side code releasing the code with my API secret token for my app would be a bad idea since anyone could just grab it and do whatever with it. And implicit flow doesn't really work because the user would have to keep jumping out of the game (which is in VR by the way) to re authenticate constantly. Would it be permissible to have users create a developer account with spotify and generate their own API token with which the app will communicate with the API?
2) Is there a recommended way for me to store the users' tokens on disk in a secure way that's accessible by the install script for writing and the mod's code itself?
3) Under ToS IV.3.c...
Unless you receive Spotify’s written approval, you shall not use the Spotify Platform to incorporate Spotify Content into any game functionality (including trivia quizzes).
Would my use case violate the terms of service, even though I am not using Spotify's content in any "gamified" way and simple using it as a media player (and not even that, just as a control widget for an actual Spotify client the user would be using anyway)? If not, is there a way to obtain written approval for this usecase from Spotify?
I was wondering exactly this as well and it saddens me that you haven't received a reply. Did you get a response through some other channel?
The mod (SDA) will execute 100% locally and not transfer any data anywhere but to Spotify itself and perhaps between the two local clients. Also no revenue will be collected and I'd probably reject donations as well just to have this exist.
The game is Fallout 4 but it will be easy to port to all Creation Kit games such as Skyrim and the pending Starfield.
In regards to question 1, the answer is authorization code with PKCE. Spotify's support for this is relatively new and maybe didn't exist in 2020 when this question was asked.
Can't help with the rest. Spotify are hopeless at answering this kind of ToS question so I suggest you just do it if they don't bother replying to you. They need to put some effort in supporting people who are trying to follow their terms, particularly their paying customers.
There's no need for each user to generate their own client id and secret. It won't prevent them from needing to go through the authorization process in a browser anyways.
Setup a website where the users can authenticate their account by logging in through their browser. Save the access token and share it with your game.
I suppose a token request and the stated use required to submit one will act as a "truthy" boolean indicator as to whether Spotify approves of the idea. At least enough to take the initial leap and then pray you won't be greeted by a crease-and-desist in your inbox at some point later.
Hey there you, Yeah, you! 😁 Welcome - we're glad you joined the Spotify Community! While you here, let's have a fun game and get…