Spotify Community

I need to "authorize" the bearer token to delete some tracks from a list (from my personal Spotify account) I'm following this flow I first make a POST request to https://accounts.spotify.com/api/token using `"Authorization: Basic ZjM4ZjAw...WY0MzE="` header and with the desired scope in the body and then another POST request to the actual endpoint with
`f"Authorization: Bearer {response_dict['access_token']}"` header. Getting these two tokens seems to work without a problem.

I have checked similar question in StackOverflow, but they either not address my problem specifically or they don't have an answer at all

this is my actual python code:

cred = f"{environ['SPOTIPY_CLIENT_ID']}:{environ['SPOTIPY_CLIENT_SECRET']}"
cred = cred.encode("ascii")
cred = base64.b64encode(cred)
cred = cred.decode("ascii")

headers = {"Authorization": f"Basic {cred}"}
data = {
    "grant_type": "client_credentials",
    "scope": "playlist-modify-private user-library-read",
}
url = "https://accounts.spotify.com/api/token"
response = requests.post(url, headers=headers, data=data)
if response.status_code != 200:
    raise Exception(response.reason)
    session = requests.Session()
    response_dict = response.json()
    session.headers.update({
        "Content-Type": "application/json",
        "Authorization": f"Bearer {response_dict['access_token']}",
    })

then I got the scope in the first response as a "confirmation that they granted" (at least that's my interpretation of seeing the same scope that I request in their response)

**HOWEVER**: when I attempt to delete some tracks I get a 403 error, forbidden to do so 😞 When I use the token from their site everything works as expected... any idea what could it be or what am I missing????

thanks in advance!