Spotify Community

DeineMudda753 · 2021-09-11

The documentations states that the following request should return a new refresh token:

Sample cURL request

curl -H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=refresh_token' \
-d 'refresh_token=bOP-ycJHioNwO9QNqCpaREE4jInOjigq7hESRu3NFOa_XWy5tRLPWtacerPcLRTT3ad_Lsyba3fqidxUnbQZ6s1wIge' \
-d 'client_id=78ddd16c16e43884672d93a4a299bd0a59878fc3' https://accounts.spotify.com/api/token

Sample response

{
    "access_token": "9Cysa896KySJLrEcasloD1Gufy9iSq7Wa-K2SbSKwK3rXfizi4GwIS2RCrBmCMsKfkTDm82ez9m47WZ8egFCuRPs4BgEHw",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "PoO04alC_uRJoyd2MLhN53hHv2-sDAJs5mULPPzLW0lgdXXAvZAWEJrBqqd6NfCE4FZo7TcuKXp4grmE-9fKyMaP6zl6g",
    "scope": "user-follow-modify"
}

But when I do the exact same request with my app credentials the response misses the refresh_token? Is this the intended way or is this a bug?

Link to the referred documentation page:
https://developer.spotify.com/documentation/general/guides/authorization-guide/

Peter_Schorn · 2021-09-11

Which authorization process are you using? The authorization code flow, or the authorization code flow with proof key for code exchange?

View solution in original post

Peter_Schorn · 2021-09-11

Which authorization process are you using? The authorization code flow, or the authorization code flow with proof key for code exchange?

DeineMudda753 · 2021-09-12

I indeed was looking at the wrong authentication system. Everything works as expected. But just to be clear. I am using the standard auth flow. Can I use the refresh token I originally obtained over and over again?

Peter_Schorn · 2021-09-13

I don't know what the "standard auth flow" is. Spotify has the following authorization flows:

* Authorization Code Flow
* Authorization Code Flow With Proof Key for Code Exchange (PKCE)
* Implicit Grant
* Client Credentials Flow

I can't answer your questions until you tell me which authorization flow you're using.

user-removed · 2021-11-07

@DeineMudda753 What did you do to fix this ? Because I make the same request and I recieve the new access token but not the new refresh token

user-removed · 2021-11-07

What did you do exactly because it is the same I don't get the new refresh token and I am using the Authorization Code Flow

Peter_Schorn · 2021-11-07

You usually don't get a new refresh token when refreshing the access token using the authorization code flow. You just reuse the same refresh token every time you need to refresh the access token.

kcovert · 2022-02-03

I use the "Authorization Code Flow" @ page Authorization Code Flow | Spotify for Developers which says you get a refresh_token back from a call to https://accounts.spotify.com/api/token. I'm not getting back a refresh token, only getting a redirecturl and code back. Maybe some mis-understanding still. I think you said we don't need it, just stick with and use the returned code, but used the term refresh token which the OP or I aren't getting in the first place. The docs lead you to believe you do need a returned refresh token.

I'm here in on this now because I'm trying to find the correct way to prevent a user from having to log in on every new session using my app.

Peter_Schorn · 2022-02-04

Please read the authorization guide very carefully. It's very clear about which parameters are required for each request, as well as the expected response.

I don't believe you that you received the redirect uri and code from the "https://accounts.spotify.com/api/token" endpoint. Please check your code again. The "https://accounts.spotify.com/authorize" endpoint redirects to your redirect uri with the code parameter in the query string.

kcovert · 2022-02-04

Turns out I have been or are now getting back a refresh token and my json class may have had a deserializing issue. I added a json accept to the header. Don't know if that was a difference maker.

"\"access_token\":\"omitted\",\"token_type\":\"Bearer\",\"expires_in\":3600,\"refresh_token\":\"omitted\",\"scope\":\"playlist-read-private streaming playlist-read-collaborative user-modify-playback-state user-library-read playlist-modify-private playlist-modify-public user-read-playback-state\"}"

yasNia · 2022-09-16

Hi there, I'm using Authorization Code Flow

and I've got the same issue.

I'm wondering if is it still the same?

ØyvindSelbek · 2022-09-17

Same here. Still happens, code flow here as well.

yasNia · 2022-09-18

@ØyvindSelbek

By now I worked it out by using the refresh_token

returned by login as suggested by

Peter_Schorn

@ØyvindSelbek wrote:
Same here. Still happens, code flow here as well.

You usually don't get a new refresh token when refreshing the access token using the authorization code flow. You just reuse the same refresh token every time you need to refresh the access token. and till now it works

ØyvindSelbek · 2022-09-20

Yeah, thats my method as well, but its not really "the way" 🙂

Peter_Schorn · 2022-09-21

It is "the way". Your code should always check to see if you get a new refresh token, but, if you don't, you keep reusing the one you originally received. Notice that in the documentation for Request a refreshed Access Token, it says:

The response will be similar to this:

{
   "access_token": "NgA6ZcYI...ixn8bUQ",
   "token_type": "Bearer",
   "scope": "user-read-private user-read-email",
   "expires_in": 3600
}

Notice there is no refresh token in this JSON payload.

Spotify Community

Help categories

Account & Payment

Using Spotify

Listen Everywhere

Refreshing access token does not reuturn new refresh token

Refreshing access token does not reuturn new refresh token

Photos

Suggested posts

Let's introduce ourselves!

Help Wizard

Step 1

Just quickly...

FAQs

Ongoing Issues

Help categories

Account & Payment

Using Spotify

Listen Everywhere

Refreshing access token does not reuturn new refresh token

Refreshing access token does not reuturn new refresh token

Photos

Suggested posts

Let's introduce ourselves!