Type in your question below and we'll check to see what answers we can find...
Loading article...
Submitting...
If you couldn't find any answers in the previous step then we need to post your question in the community and wait for someone to respond. You'll be notified when that happens.
Simply add some detail to your question and refine the title if needed, choose the relevant category, then post.
Before we can post your question we need you to quickly make an account (or sign in if you already have one).
Don't worry - it's quick and painless! Just click below, and once you're logged in we'll bring you right back here and post your question. We'll remember what you've already typed in so you won't have to do it again.
Please see below the most popular frequently asked questions.
Loading article...
Loading faqs...
Please see below the current ongoing issues which are under investigation.
Loading issue...
Loading ongoing issues...
The documentations states that the following request should return a new refresh token:
Sample cURL request
curl -H 'Content-Type: application/x-www-form-urlencoded' \ -d 'grant_type=refresh_token' \ -d 'refresh_token=bOP-ycJHioNwO9QNqCpaREE4jInOjigq7hESRu3NFOa_XWy5tRLPWtacerPcLRTT3ad_Lsyba3fqidxUnbQZ6s1wIge' \ -d 'client_id=78ddd16c16e43884672d93a4a299bd0a59878fc3' https://accounts.spotify.com/api/token
Sample response
{ "access_token": "9Cysa896KySJLrEcasloD1Gufy9iSq7Wa-K2SbSKwK3rXfizi4GwIS2RCrBmCMsKfkTDm82ez9m47WZ8egFCuRPs4BgEHw", "token_type": "Bearer", "expires_in": 3600, "refresh_token": "PoO04alC_uRJoyd2MLhN53hHv2-sDAJs5mULPPzLW0lgdXXAvZAWEJrBqqd6NfCE4FZo7TcuKXp4grmE-9fKyMaP6zl6g", "scope": "user-follow-modify" }
But when I do the exact same request with my app credentials the response misses the refresh_token? Is this the intended way or is this a bug?
Link to the referred documentation page:
https://developer.spotify.com/documentation/general/guides/authorization-guide/
Solved! Go to Solution.
Which authorization process are you using? The authorization code flow, or the authorization code flow with proof key for code exchange?
Which authorization process are you using? The authorization code flow, or the authorization code flow with proof key for code exchange?
I don't know what the "standard auth flow" is. Spotify has the following authorization flows:
* Authorization Code Flow
* Authorization Code Flow With Proof Key for Code Exchange (PKCE)
* Implicit Grant
* Client Credentials Flow
I can't answer your questions until you tell me which authorization flow you're using.
@DeineMudda753 What did you do to fix this ? Because I make the same request and I recieve the new access token but not the new refresh token
You usually don't get a new refresh token when refreshing the access token using the authorization code flow. You just reuse the same refresh token every time you need to refresh the access token.
I use the "Authorization Code Flow" @ page Authorization Code Flow | Spotify for Developers which says you get a refresh_token back from a call to https://accounts.spotify.com/api/token. I'm not getting back a refresh token, only getting a redirecturl and code back. Maybe some mis-understanding still. I think you said we don't need it, just stick with and use the returned code, but used the term refresh token which the OP or I aren't getting in the first place. The docs lead you to believe you do need a returned refresh token.
I'm here in on this now because I'm trying to find the correct way to prevent a user from having to log in on every new session using my app.
Please read the authorization guide very carefully. It's very clear about which parameters are required for each request, as well as the expected response.
I don't believe you that you received the redirect uri and code from the "https://accounts.spotify.com/api/token" endpoint. Please check your code again. The "https://accounts.spotify.com/authorize" endpoint redirects to your redirect uri with the code parameter in the query string.
Turns out I have been or are now getting back a refresh token and my json class may have had a deserializing issue. I added a json accept to the header. Don't know if that was a difference maker.
"\"access_token\":\"omitted\",\"token_type\":\"Bearer\",\"expires_in\":3600,\"refresh_token\":\"omitted\",\"scope\":\"playlist-read-private streaming playlist-read-collaborative user-modify-playback-state user-library-read playlist-modify-private playlist-modify-public user-read-playback-state\"}"
Hi there, I'm using Authorization Code Flow
and I've got the same issue.
I'm wondering if is it still the same?
Same here. Still happens, code flow here as well.
@ØyvindSelbek
By now I worked it out by using the refresh_token
returned by login as suggested by
@ØyvindSelbek wrote:Same here. Still happens, code flow here as well.
Yeah, thats my method as well, but its not really "the way" 🙂
It is "the way". Your code should always check to see if you get a new refresh token, but, if you don't, you keep reusing the one you originally received. Notice that in the documentation for Request a refreshed Access Token, it says:
The response will be similar to this:
{
"access_token": "NgA6ZcYI...ixn8bUQ",
"token_type": "Bearer",
"scope": "user-read-private user-read-email",
"expires_in": 3600
}
Notice there is no refresh token in this JSON payload.
Hey there you, Yeah, you! 😁 Welcome - we're glad you joined the Spotify Community! While you here, let's have a fun game and get…