Spotify Community

Yes - I have not been able to figure this one out, but I do still use PKCE as the standard auth flow will only renew the token once and then it doesn't give you any more refresh tokens.  So that is the trade-off... if you want to renew the token more than once, it seems you have to allow the login to happen each time.

Thanks for clarifying this.

@ktuli44 what is your use case? Do you have to re-authorize your users often?
Usually once you have the refresh_token you can just renew your acces_token once it expires.

I know the documentation doesn't specifically mention the show_dialog for the PKCE auth flow, but as it is previously mentioned, it was not clear if that meant it is intentionally not available for PKCE or not.

I do use the refresh tokens to get new tokens, but each time a user returns to the website it requires authentication again.  I suppose I could put a different authentication wall in place or I could simply use cookies, but that seemed like a risk to let the user's token get hijacked.

So far I've just left it in place that it requires auth each time the user logs in.  Only a minor annoyance for higher security.

You can renew the access token as many times as you want with the "standard auth flow". You just use the same refresh token each time. And if you don't want your users to have to login again each time they return to your site, then you should figure out a way of persistently storing the authorization information.