Spotify Community

rafaeland · 2021-01-04

Hi,

I am trying to use the Oauth2 / OIDC authentication provided by spotify. According to OpenID Connect documentation, the parameter scope is not optional, but required. I am using a quarkus extension who passes "oidc" as value to this parameter (as defined in openid connect documentation), but the spotify's webapi is returning a message :

"illegal scope"

for my url :

"&scope=openid+user-read-private+user-read-email"

but the scope openid is not really "illegal", according to the docs. How could I workaround this issue? The api isn't suppose to accept this value?

Kind Regards,

Rafael

Hubo · 2021-01-05

Hey @rafaeland, thanks for posting here!

Let's dive right into this. I've taken a look and the documentation for the OpenID Connect Core states: 'OpenID Connect requests MUST contain the openid scope value'. It sounds like this is specific to this product from OpenID.

OAuth is a standard which is implemented by multiple services. Their implementation might differ a bit. The standard is described here: https://tools.ietf.org/html/rfc6749.

Let me know if you have any questions!

Have a good one,

Hubo

HuboSpotify Star

Help others find this answer and click "Accept as Solution".

If you appreciate my answer, maybe give me a Like.

Note: I'm not a Spotify employee.

rafaeland · 2021-01-05

Hi, thank you for the prompt answer.

OIDC is an implementation of OAuth2, not the specification per see... I think you're right. Let me investigate further from my side on how can I use pure OAuth2.

Kind regards,

ktuli44 · 2021-01-06

Might be a silly idea, but have you tried %20 instead of the + for the space delimiter in your scope list?

Spotify Community

scope parameter should not be optional

scope parameter should not be optional

Suggested posts

Let's introduce ourselves!

Help Wizard

Step 1

Just quickly...

scope parameter should not be optional

scope parameter should not be optional

Suggested posts

Let's introduce ourselves!