Hi team,

I’m building a local browser app using Spotify Authorization Code with PKCE.

Auth works, playback works, search works, and reading the user profile works. The access token includes both `user-library-read` and `user-library-modify`.

Confirmed granted scopes from token response/local storage:

playlist-read-private playlist-read-collaborative streaming user-modify-playback-state user-library-read user-library-modify playlist-modify-private user-read-playback-state user-read-currently-playing user-read-email user-read-private

Working:

• - GET https://api.spotify.com/v1/me → 200
• - GET https://api.spotify.com/v1/me/tracks?limit=1 → 200
• - Playback endpoints work
• - Search endpoints work

Failing:

• PUT https://api.spotify.com/v1/me/albums with JSON body `{ "ids": ["6T8ahpJA6ghTzviOvqoUdb"] }` → 403
• PUT https://api.spotify.com/v1/me/tracks with JSON body `{ "ids": ["TRACK_ID"] }` → 403
• GET https://api.spotify.com/v1/me/albums/contains?ids=6T8ahpJA6ghTzviOvqoUdb → 403

Response body:

{ "error": { "status": 403, "message": "Forbidden" } }

I’ve also tried removing app access, clearing local storage, forcing `show_dialog=true`, reconnecting, and confirming the token still includes `user-library-modify`.

I know there have been some changes to the API recently, but from what I can tell, this shouldn't be affected?