Type in your question below and we'll check to see what answers we can find...
Loading article...
Submitting...
If you couldn't find any answers in the previous step then we need to post your question in the community and wait for someone to respond. You'll be notified when that happens.
Simply add some detail to your question and refine the title if needed, choose the relevant category, then post.
Before we can post your question we need you to quickly make an account (or sign in if you already have one).
Don't worry - it's quick and painless! Just click below, and once you're logged in we'll bring you right back here and post your question. We'll remember what you've already typed in so you won't have to do it again.
I am in the process of switching my app over to use PKCE Auth Flow and ever since I did, each time I try to get an authorization code to use to obtain a token, I am being sent to the Spotify authorization page, whereas with the Basic Auth Flow, I was sent to the authorization page once and then basically never had to see it again.
Am I doing something wrong?
Is anyone else seeing this behavior with the PKCE Auth Flow?
Yes - I have not been able to figure this one out, but I do still use PKCE as the standard auth flow will only renew the token once and then it doesn't give you any more refresh tokens. So that is the trade-off... if you want to renew the token more than once, it seems you have to allow the login to happen each time.
Thanks for clarifying this.
@ktuli44 what is your use case? Do you have to re-authorize your users often?
Usually once you have the refresh_token you can just renew your acces_token once it expires.
I know the documentation doesn't specifically mention the show_dialog for the PKCE auth flow, but as it is previously mentioned, it was not clear if that meant it is intentionally not available for PKCE or not.
I do use the refresh tokens to get new tokens, but each time a user returns to the website it requires authentication again. I suppose I could put a different authentication wall in place or I could simply use cookies, but that seemed like a risk to let the user's token get hijacked.
So far I've just left it in place that it requires auth each time the user logs in. Only a minor annoyance for higher security.
You can renew the access token as many times as you want with the "standard auth flow". You just use the same refresh token each time. And if you don't want your users to have to login again each time they return to your site, then you should figure out a way of persistently storing the authorization information.
Hey there you, Yeah, you! 😁 Welcome - we're glad you joined the Spotify Community! While you here, let's have a fun game and get…