Announcements

Help Wizard

Step 1

NEXT STEP

FAQs

Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...

VIEW ALL

Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...

VIEW ALL

scope parameter should not be optional

scope parameter should not be optional

Avatar of rafaeland
Casual Listener
2021-01-04 08:19 PM

Hi,

 

     I am trying to use the Oauth2 / OIDC authentication provided by spotify. According to OpenID Connect documentation, the parameter scope is not optional, but required. I am using a quarkus extension who passes "oidc" as value to this parameter (as defined in openid connect documentation), but the spotify's webapi is returning a message : 

 

"illegal scope"

 

for my url :


"&scope=openid+user-read-private+user-read-email"

 

     but the scope openid is not really "illegal", according to the docs. How could I workaround this issue? The api isn't suppose to accept this value?

 

Kind Regards, 

 

Rafael

 

 

0 Likes
Reply
3 Replies

Avatar of Hubo
Community Legend
2021-01-05 11:40 AM

Hey @rafaeland, thanks for posting here!

Let's dive right into this. I've taken a look and the documentation for the OpenID Connect Core states: 'OpenID Connect requests MUST contain the openid scope value'. It sounds like this is specific to this product from OpenID. 

 

OAuth is a standard which is implemented by multiple services. Their implementation might differ a bit. The standard is described here: https://tools.ietf.org/html/rfc6749.

 

Let me know if you have any questions!

 

Have a good one,

Hubo 

HuboSpotify Star
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.

Avatar of rafaeland
Casual Listener
2021-01-05 01:47 PM

Hi, thank you for the prompt answer.

 

     OIDC is an implementation of OAuth2, not the specification per see... I think you're right. Let me investigate further from my side on how can I use pure OAuth2. 

 

Kind regards, 

0 Likes

Avatar of ktuli44
Music Fan
2021-01-06 03:21 AM

Might be a silly idea, but have you tried %20 instead of the + for the space delimiter in your scope list?

0 Likes

Suggested posts

Let's introduce ourselves!

Hey there you,   Yeah, you! 😁   Welcome - we're glad you joined the Spotify Community!   While you here, let's have a fun game and get…

Staff
ModeratorStaff / Moderator/ 3 years ago in Social & Random
Read more

Type a product name