Announcements

Help Wizard

Step 1

NEXT STEP

FAQs

Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...

VIEW ALL

Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...

VIEW ALL

Returning "Invalid Client" in Authentication last step to generate access token

Returning "Invalid Client" in Authentication last step to generate access token

Avatar of MalvikaValambhiya
Regular
2022-02-25 07:59 AM

Plan

Free

Country

India

Device

Lenovo ideapad 100

Operating System

Windows 8.1 pro

 

My Question or Issue

I always receive this error when I run command to generate access token from authentication steps
{error: 'invalid_client', error_description: 'Invalid client'}


I have checked my client id and secret being passed in is correct. I'm not sure what is wrong?


Command Which I've run was:
curl -H "Authorization: Basic [BASE64_OUTPUT_FROM_STEP_4]" -d grant_type=authorization_code -d code=[CODE_FROM_STEP_3] -d redirect_uri=http://localhost:8888/callback https://accounts.spotify.com/api/token

In above command I'm placing value in [BASE64_OUTPUT_FROM_STEP_4] and [CODE_FROM_STEP_3] is correct/ I've double check that. 

above step is the last step to generate access token in which I'm getting error.

 

 

Labels:
Reply
15 Replies

Avatar of alvaron
Spotify
Spotify
2022-03-01 10:38 PM

Hey! This error usually happens when the "Authorization" header is not correctly set. The format must be:

 

Authorization: Basic <base64 encoded client_id:client_secret>

 

For example:

 

curl -H 'Authorization: Basic MTIzNDU2Nzg6YWJjZGVmZw==' -X POST https://accounts.spotify.com/api/token -d code=${CODE} -d redirect_uri=http://localhost:3000/callback -d grant_type=authorization_code

 

Note that 'MTIzNDU2Nzg6YWJjZGVmZw==' is the base64 encoded output of the string 12345678:abcdefg (where 12345678 is the client id and abcdefg the client secret).

 

Some things to consider:

 

- Check that the client id does not contains extra characters. 

- client id and client secret are separated only by the ":" character.

- Verify that the value of the client id you are sending in this request, is equal to the client id sent in the request where you retrieve the authorization code.

 

Avatar of MalvikaValambhiya
Regular
2022-03-02 12:33 PM
Yes I've checked the things that you've mentioned. But still I'm getting the same issue.
{"error":"invalid_client"}

0 Likes

Avatar of jfarellano
Visitor
2022-05-12 12:36 PM

Any luck? 

0 Likes

Avatar of Peter_Schorn
Roadie
2022-05-12 02:42 PM

Post the code that base-64 encodes the client id and client secret.

0 Likes

Avatar of DerKrieger29
Visitor
2022-05-20 06:40 PM

I'm running into the same issue with Python. This is my code:

 

encoded = str(base64.b64encode((creds["client_id"] + ":" + creds["client_secret"]).encode("ascii")))

 

headers = {
     "Content-Type": "application/x-www-form-urlencoded",
     "Authorization": "Bearer " + encoded
}

 

body = {
     "grant_type": "client_credentials"
}

 

resp = requests.post("https://accounts.spotify.com/api/token", data=body, headers=headers)
0 Likes

Avatar of Peter_Schorn
Roadie
2022-05-20 10:36 PM

Try removing ".encode("ascii")".

0 Likes

Avatar of kraxner
Casual Listener
2022-09-23 07:51 PM

Did anyone get any further on this? 

0 Likes

Avatar of kraxner
Casual Listener
2022-09-23 10:50 PM

For others that might fall into this trap or base64-encoding their client_id and client_secret, be sure to use the following to properly get the output necessary:

 

Use "-n" in the echo command:

 

$ echo -n '12345678:abcdefg' | base64                                                                                                                                                                                                                                                                              
MTIzNDU2Nzg6YWJjZGVmZw==

 

 

Avatar of kraxner
Casual Listener
2022-09-23 11:42 PM

The encoded line should look like this:

 

encoded = base64.b64encode((client_id + ":" + client_secret).encode("ascii")).decode("ascii")

 

 

The full Python example that currently works for me is:

 

import requests
import base64

client_id = "abcdef1234567890abcdef1234567890"
client_secret = "0987654321fedcba0987654321fedcba"

encoded = base64.b64encode((client_id + ":" + client_secret).encode("ascii")).decode("ascii")

headers = {
     "Content-Type": "application/x-www-form-urlencoded",
     "Authorization": "Basic " + encoded
}
 
payload = {
     "grant_type": "client_credentials"
}
 
response = requests.post("https://accounts.spotify.com/api/token", data=payload, headers=headers)
print(response)
print(response.text)

 

 

Avatar of Peter_Schorn
Roadie
2022-10-01 07:18 PM

DO NOT POST YOUR CLIENT ID AND CLIENT SECRET IN A PUBLIC FORUM!

0 Likes

Avatar of kraxner
Casual Listener
2022-10-02 12:09 AM

Yikes! Who posted their client_id and client_secret?

Avatar of Peter_Schorn
Roadie
2022-10-02 12:25 AM

It looked like you did, but it appears based on the pattern that these are just fake values.

0 Likes

Avatar of SimonCanJer
Newbie
2023-06-07 07:55 AM

Guys,  note please, that the standard REST basic (username(id)+ password (secret)) authorization header has the following format  name="Authorization"  value="Basic <what else you transmit>".  So, in this case, name="Authorization", value="Basic <your Base64 encrypted term>".     The "Basic" is used to identify the authorization type, after that the server decides what to do with the header.  I was very surprised when reading the documentation. Of course, the server returned the invalid_client error when I tested it. But it works with a 200 return code when doing it normally. 

0 Likes

Avatar of Brucep1
Newbie
2023-09-13 03:54 AM

Hello,

 

Same topic "invalid_client". I am using VBA to connect to the web API however I am getting the error "{"error":"invalid_client"}". The xml.responseText below returns {"error":"invalid_client"}".

 

Please see my code snippet below. Can anyone assist in identifying what I am doing wrong:

 

Sub GetSpotifySongInfo()
Dim apiUrl As String
Dim httpRequest As Object
Dim jsonResponse As String
Dim json As Object
Dim fs As Object
Dim textFile As Object
Dim songInfo As String

'#########################################################################################
' Define your Spotify API credentials
Const clientId As String = "xxxxxxxxxxxxxxxxxxxxxxxx" 'YOUR_CLIENT_ID
Const clientSecret As String = "yyyyyyyyyyyyyyyyyyyyyyyyyyyyy" 'YOUR_CLIENT_SECRET

' Create an HTTP request to get an access token from Spotify
Dim xml As Object
Set xml = CreateObject("MSXML2.ServerXMLHTTP.6.0")
Dim url As String
url = "https://accounts.spotify.com/api/token"
xml.Open "POST", url, False
xml.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xml.setRequestHeader "Authorization", "Basic " & EncodeBase64(clientId & ":" & clientSecret)
xml.send "grant_type=client_credentials"

' Parse the response to get the access token
Dim accessToken As String
Set json = JsonConverter.ParseJson(xml.responseText)
accessToken = json("access_token")
'#########################################################################################

 

 

 

0 Likes

Avatar of pushkar707
Visitor
2023-09-24 07:24 PM

You need to add a space after Bearer in "Bearer" string

 

Currenttly its "Bearer"

Make it "Bearer "

0 Likes

Suggested posts

Let's introduce ourselves!

Hey there you,   Yeah, you! 😁   Welcome - we're glad you joined the Spotify Community!   While you here, let's have a fun game and get…

Staff
ModeratorStaff / Moderator/ 3 years ago in Social & Random
Read more