Hi,
I am trying to use the OAuth2 / OIDC authentication provided by Spotify. According to the OpenID Connect documentation, the scope parameter is not optional, but required. I am using a Quarkus extension that passes "oidc" as the value of this parameter (as defined in the OpenID Connect documentation), but Spotify's Web API is returning the message:
"illegal scope"
for my url :
"&scope=openid+user-read-private+user-read-email"
but the scope openid is not really "illegal", according to the docs. How could I work around this issue? Isn't the API supposed to accept this value?
Kind Regards,
Rafael
Hey @rafaeland, thanks for posting here!
Let's dive right into this. I've taken a look and the documentation for the OpenID Connect Core states: 'OpenID Connect requests MUST contain the openid scope value'. It sounds like this is specific to this product from OpenID.
OAuth is a standard which is implemented by multiple services. Their implementation might differ a bit. The standard is described here: https://tools.ietf.org/html/rfc6749.
Let me know if you have any questions!
Have a good one,
Hubo
Hi, thank you for the prompt answer.
OIDC is an implementation of OAuth2, not the specification per se... I think you're right. Let me investigate further from my side how I can use pure OAuth2.
Kind regards,
Might be a silly idea, but have you tried %20 instead of the + for the space delimiter in your scope list?