Spotify Community

Jingojango · 2021-10-03

Plan

Premium

Country

UK

Device

Edge browser

Operating System

windows 10

My Question or Issue

I always receive this error when I run my fetch call to refresh my access_token: {error: 'invalid_client', error_description: 'Invalid client'}

I have checked my client id and secret and the refresh token being passed in is correct. I feel something must be incorrect about my refreshAccessToken() fetch function but I'm not sure what is wrong?

const refreshAccessToken = () => {
    console.log("run refresh: " + refreshToken);
    if (refreshToken !== "") {
      console.log("refresh token: ", refreshToken);
      console.log("refreshAccessToken running fetch");
      fetch("https://accounts.spotify.com/api/token", {
        method: "POST",
        body: new URLSearchParams({
          refresh_token: refreshToken,
          grant_type: "refresh_token",
        }),
        headers: {
          Authorization:
            "Basic " +
            Buffer.from(
              spotify_client_id + ":" + spotify_client_secret
            ).toString("base64"),
          "Content-Type": "application/x-www-form-urlencoded",
        },
      })
        .then((response) => response.json())
        .then((data) => {
          if (data.error) {
            console.log("returned data error: ", data);
            return;
          }
          console.log("returned data: ", data);
          setToken(data.access_token);
          //setExpiresIn(data.expires_in);
        })
        .catch((error) => console.log("refresh token error: ", error));
    }
  };

Jingojango · 2021-10-06

Never mind. It was a problem with my code elsewhere. how do i close/delete my post?

View solution in original post

ohej · 2021-10-04

I think you may have discovered a bug in our authorization documentation.

When you exchange the code for an access token you get a few different parameters returned - access_token, token_type, scope, expires_in and refresh_token.

From the docs:

A token that can be sent to the Spotify Accounts service in place of an authorization code. (When the access code expires, send a POST request to the Accounts service /api/token endpoint, but use this code in place of an authorization code. A new access token will be returned. A new refresh token might be returned too.)

Try sending the refresh_token as the value for the Authorization header instead and let me know if that works.

I know the docs just below this says to send base64 encoded client_id:client_secret, but at least from the PKCE flow you have to use the refresh_token instead.

Let me know how it works and we'll get the docs updated accordingly.

ohej · 2021-10-06

Are you using the PKCE flow or code flow?

Jingojango · 2021-10-06

Never mind. It was a problem with my code elsewhere. how do i close/delete my post?

kyds3k · 2022-10-29

Hi! What was the error in your code that was causing the problem? I'm having the same problem and my code is similar to yours.

Gflex39 · 2023-07-17

Did you end up fixing it?

Spotify Community

Help categories

Account & Payment

Using Spotify

Listen Everywhere

Why is refreshing access token returning "invalid client"?

Why is refreshing access token returning "invalid client"?

Photos

Suggested posts

Let's introduce ourselves!

Help Wizard

Step 1

Just quickly...

FAQs

Ongoing Issues

Help categories

Account & Payment

Using Spotify

Listen Everywhere

Why is refreshing access token returning "invalid client"?

Why is refreshing access token returning "invalid client"?

Photos

Suggested posts

Let's introduce ourselves!