Plan

Premium

Country

US

Device

Samsung S20 FE

Operating System

Android

My Question or Issue


Hello everyone,

I am new to the spotify API and I am trying to complete the Oauth authorization flow for my android application.  After my app redirects me to the spotify login page, I login, and it redirects me to a page that says "INVALID_CLIENT: Insecure redirect URI", it does NOT say "INVALID_CLIENT: Invalid redirect URI" which makes me believe it is a security issue.  I am using a custom redirect URI, let's call it "com.myapp://callback".  I have added this exactly to the redirect URI of my spotify dashboard for this project, and have verified that I wrote this exactly everywhere else in my project that required a redirect URI.

If anyone has any insight on this then I'd really appreciate it.  I feel that it has something to do with spotify's new redirect URI security requirements, but I thought that those didn't apply to custom URIs for mobile apps and I'd appreciate any insight.

EDIT:
I have tested my application with a client id from a spotify project that I had created before April 9th (the date of the Spotify rules being enforced), and the application worked perfectly.  This leads me to believe that it is an issue with the new redirect URI rules and how custom URIs are handled for mobile applications.