Serverless personal project - refreshing auth token solution

My Question or Issue


I am developing a very simple jukebox-style app for purely personal use to control my queue and allow others to add songs to it at parties, gatherings, etc. It will only ever use or need permission to access my own Spotify account.


That being said, the docs on auth methods seem needlessly overkill and convoluted for my use case. This is a simple locally hosted web page that invokes the API with AJAX and client-side JavaScript. I will not be hosting this on the web or requiring a server/backend. I just want to either not have to refresh a token every hour (unrealistic) or, if I must, have a simple way of doing so via checking if the one I have is expired and getting a new one, or using the one I have. The 4 documented methods all fail to meet my use case, and all for some reason assume I am server-based and require a redirect_uri as a parameter. I am lost as to how to proceed.


Please, any advice would be appreciated.



5 Replies

Even though the authorization methods require a redirect URI, the URL that you choose for this doesn't need to actually work. For example, you could set the redirect URI to "http://localhost". After being redirected to this URL, just copy the authorization code from the query string manually and proceed with the rest of the authorization process. You only need to do this process once. Refreshing the access token when it is expired is a very simple process that you can easily automate. Spotify tells you when the access token will expire, so, before each API request, check if it is expired and refresh it if necessary. There's nothing complicated about that. There are plenty of libraries that can do this for you.

What if not redirecting to my locally hosted index.html breaks my app flow?

I don't know what your "app flow" is, so I don't know how to answer your question. Try asking a more specific question.


The authorization methods are what they are, and there's no way to authorize your app other than what the docs describe. Accept that fact.


See for a list of libraries that can implement the authorization process for you.

Sorry for piggybacking on this post. Do refresh tokens have an expiration? Can't seem to find it anywhere in the docs.

The refresh token never expires.


For the authorization code flow, you use the same refresh token each time to refresh the access token.


For the authorization code flow with PKCE, the refresh token can only be used to retrieve a new access token and refresh token once, after which the previous refresh token becomes invalid. So, make sure to save the newly returned refresh token.
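
The check-before-each-request refresh and the PKCE refresh-token rotation described in the replies above, as an added example that is not part of any post in this thread. It shows the PKCE variant only; the `store` object with `load()`/`save()`, the injected `fetchFn`, and the one-minute skew are assumptions, and the token URL and response field names should be confirmed against Spotify's documentation.

```javascript
// Added example (not from the thread). TOKEN_URL and the response fields follow
// the standard OAuth 2.0 token response; confirm both against Spotify's docs.
const TOKEN_URL = "https://accounts.spotify.com/api/token";
const SKEW_MS = 60 * 1000; // refresh one minute early so a request never races expiry

// True when there is no usable access token at time `now` (ms since epoch).
function isExpired(tokens, now) {
  return !tokens.accessToken || now >= tokens.expiresAt - SKEW_MS;
}

// Fold a token response into the stored state. With PKCE the response carries a
// new refresh token that replaces the old one; without rotation the response may
// omit it, so the existing refresh token is kept.
function mergeTokenResponse(tokens, body, now) {
  return {
    accessToken: body.access_token,
    refreshToken: body.refresh_token || tokens.refreshToken,
    expiresAt: now + body.expires_in * 1000,
  };
}

// Returns a valid access token, refreshing first if needed. `store` is a
// hypothetical object with load()/save(); `fetchFn` defaults to the global fetch.
let inFlight = null;
async function getAccessToken(store, clientId, fetchFn = fetch, now = Date.now) {
  const tokens = store.load();
  if (!isExpired(tokens, now())) return tokens.accessToken;
  // Share one refresh between concurrent callers: a rotated refresh token is
  // single-use, so a second parallel refresh with the old token would fail.
  if (!inFlight) {
    inFlight = (async () => {
      const res = await fetchFn(TOKEN_URL, {
        method: "POST",
        headers: { "Content-Type": "application/x-www-form-urlencoded" },
        body: new URLSearchParams({
          grant_type: "refresh_token",
          refresh_token: tokens.refreshToken,
          client_id: clientId,
        }),
      });
      if (!res.ok) throw new Error(`token refresh failed: HTTP ${res.status}`);
      const next = mergeTokenResponse(tokens, await res.json(), now());
      store.save(next); // persist before use so the new refresh token is not lost
      return next.accessToken;
    })().finally(() => { inFlight = null; });
  }
  return inFlight;
}
```

Call `getAccessToken` immediately before every API request and send the result as the bearer token; a failed refresh throws, which is the signal to repeat the one-time authorization step.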
