Announcements

Unable to refresh token with PKCE flow

Solved!
Go to solution

Unable to refresh token with PKCE flow

Avatar of Neumann_
Casual Listener
‎2021-11-11 08:55 PM
I'm using the PKCE flow in my SPA.

The initial authorization call works fine, with the following body parameters :

code: AQC...
grant_type: authorization_code
code_verifier: DHo4...
client_id: f50...

Spotify returns an acces_token, along with a refresh_token. However, the refresh request doesn't work. Here are the body parameters I use in the refresh request :

grant_type: refresh_token
refresh_token: AQD...
client_id: f50...

Spotify then returns a 400 error : {"error":"invalid_client"}

Needless to say that both these requests have NO authentication header, since PKCE doesn't require it.

Note that before trying to implement this, my code was using classic authorization flow, using basic authentication with client_id/secret_id. Refresh requests worked fine.
Labels:
0 Likes
Reply

Accepted Solutions
Marked as solution

Avatar of Neumann_
Casual Listener
‎2021-11-13 03:36 PM
The mistake was on my side, I was sending a "Authorization : null" header in the token refresh request.

My bad

View solution in original post

0 Likes
1 Reply
Marked as solution

Avatar of Neumann_
Casual Listener
‎2021-11-13 03:36 PM
The mistake was on my side, I was sending a "Authorization : null" header in the token refresh request.

My bad
0 Likes

Suggested posts

Let's introduce ourselves!

Hey there you,   Yeah, you! 😁   Welcome - we're glad you joined the Spotify Community!   While you here, let's have a fun game…

Staff
ModeratorStaff / Moderator/ 1 year ago in Social & Random
Read more