Announcements

Help Wizard

Step 1

NEXT STEP

FAQs

Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...

VIEW ALL

Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...

VIEW ALL

Topics with Label: PKCE

Labels

Forum Posts

Increasing security requirements for integration with Spotify Web API

Hey all, we’re making some changes to the Spotify Web API. To improve security, we are planning to remove support for two ways of integrating with Spotify that have been replaced with more secure alternatives. Please check the Spotify for Developers ...

  • Spotify
  • Spotify
  • Irishtalkers
  • Visitor
  • 5939 Views
  • 10 replies
  • 8 likes
  • Discussion
  • 5939 Views
  • 10 replies
  • 8 likes

Web API PKCE Authorize Not Working: INVALID_CLIENT: Invalid redirect URI

PlanPremiumCountryUSADevicePixel 3a EmulatorOperating SystemAndroid 13 My Question or IssueI am developing a mobile app with flutter/dart that uses Spotify's Web API. I am able to authenticate users without PKCE but when I use PKCE I get the error "I...

  • Newbie
  • ...ble to authenticate users without PKCE but when I use PKCE I get the error "INVALID_CLIENT: Invalid redirect URI" yet I have not changed the redirect URI and the URI used in the request matches the U...
  • Tanict
  • Casual Listener
  • 1074 Views
  • 2 replies
  • 1 likes
  • App authorization
    flutter
    PKCE
    Spotify Web API
  • 1074 Views
  • 2 replies
  • 1 likes

400 Bad Request - Access Token - PKCE Auth Code Flow

Hello,I'm currently on Step 2 (Requesting Access Token) of the Auth Code Flow using PKCE, but I am unable to retrieve the access token.ProblemI am receiving a 400 Bad Request when sending my POST request to the https://accounts.spotify.com/api/token ...

tfJWqRc
  • Casual Listener
  • Hello, I'm currently on Step 2 (Requesting Access Token) of the Auth Code Flow using PKCE, but I am unable to retrieve the access token. Problem I am receiving a 400 Bad Request when sending my P...
  • Soch
  • Music Fan
  • 4438 Views
  • 10 replies
  • 5 likes
  • access token
    PKCE
  • 4438 Views
  • 10 replies
  • 5 likes

Auth attempts all return "code_verifier required" when using non-PKCE auth between iOS and Web

PlanFree/PremiumCountryUSA DeviceiPhone XROperating SystemiOS 17.4.1 My Question or IssueI'm trying to authenticate using non-PKCE between Spotify iOS SDK and Web API. Every time I try to exchange the auth code for tokens, I get a 400 error and the b...

  • Newbie
  • Plan Free/Premium Country USA   Device iPhone XR Operating System iOS 17.4.1   My Question or Issue I'm trying to authenticate using non-PKCE between Spotify iOS SDK and Web API....
  • jcrm1
  • Casual Listener
  • 730 Views
  • 1 replies
  • 0 likes
  • Auth code flow
    iOS SDK
    iossdk
    PKCE
    Possible Bug
    Spotify iOS SDK
    Spotify Web API
    Web API
  • 730 Views
  • 1 replies
  • 0 likes

405 Error when trying to getToken with code

I am using the Autorization Code with PKCE Flow method of logging in with spotify using react native. I get a successful response from spotify containing the code after the user logs in; however, when I try to get the access and refresh tokens using ...

  • Casual Listener
  • I am using the Autorization Code with PKCE Flow method of logging in with spotify using react native. I get a successful response from spotify containing the code after the user logs in; however, w...
  • _camden
  • Regular
  • 718 Views
  • 3 replies
  • 0 likes
  • API refresh token
    PKCE
  • 718 Views
  • 3 replies
  • 0 likes

PKCE support and example code for iOS SDK?

I'm trying to do authentication on my app using the iOS SDK, and authenticate hopefully using the SPTSessionManager Authorization flow, the alternative method mentioned in the iOS's SDK FAQ under "What if I need to authorize without starting playback...

  • Casual Listener
  • ...hat if I need to authorize without starting playback?".   I want to use PKCE so I don't have to bundle my secret key in the app or set up a key exchange server. However, I can't find any hints o...
  • phunden
  • Newbie
  • 399 Views
  • 1 replies
  • 1 likes
  • iOS
    PKCE
    Question
  • 399 Views
  • 1 replies
  • 1 likes

Refresh token revoked

I am using PKCE for my web app. When a user tries to perform an action and the access token has expired, I use the refresh token to generate a new access token. If my webapp is idle for over a day, and I try to use the refresh token, I get the follow...

  • Casual Listener
  • I am using PKCE for my web app. When a user tries to perform an action and the access token has expired, I use the refresh token to generate a new access token. If my webapp is idle for over a day, a...
  • martinweiss
  • Gig Goer
  • 5335 Views
  • 3 replies
  • 2 likes
  • PKCE
  • 5335 Views
  • 3 replies
  • 2 likes

AUTHENTICATION_SERVICE_UNKNOWN_ERROR when login

Hi all! I have been developing an Android app with the Spotify SDK for a few weeks. Everything was working fine (used the log-in and the web api afterwards). Then i decided to implement the PKCE flow. I got it working but when i had to send the code ...

  • Newbie
  • Hi all! I have been developing an Android app with the Spotify SDK for a few weeks. Everything was working fine (used the log-in and the web api afterwards). Then i decided to implement the PKCE f...
  • 598 Views
  • 0 replies
  • 1 likes
  • Android
    Android SDK
    logging
    PKCE
    Possible Bug
  • 598 Views
  • 0 replies
  • 1 likes

Solved!! Unable to refresh token with PKCE flow

I'm using the PKCE flow in my SPA.The initial authorization call works fine, with the following body parameters :code: AQC...redirect_uri: http://localhost:3000/myappgrant_type: authorization_codecode_verifier: DHo4...client_id: f50...Spotify returns...

  • Casual Listener
  • I'm using the PKCE flow in my SPA. The initial authorization call works fine, with the following body parameters : code: AQC... redirect_uri: http://localhost:3000/myapp grant_type: a...
  • Neumann_
  • Casual Listener
  • 806 Views
  • 1 replies
  • 0 likes
  • OAuth
    oAuth2
    PKCE
  • 806 Views
  • 1 replies
  • 0 likes