Type in your question below and we'll check to see what answers we can find...
Loading article...
Submitting...
If you couldn't find any answers in the previous step then we need to post your question in the community and wait for someone to respond. You'll be notified when that happens.
Simply add some detail to your question and refine the title if needed, choose the relevant category, then post.
Before we can post your question we need you to quickly make an account (or sign in if you already have one).
Don't worry - it's quick and painless! Just click below, and once you're logged in we'll bring you right back here and post your question. We'll remember what you've already typed in so you won't have to do it again.
Please see below the most popular frequently asked questions.
Loading article...
Loading faqs...
Please see below the current ongoing issues which are under investigation.
Loading issue...
Loading ongoing issues...
Plan
Free/Premium
Country
USA
Device
iPhone XR
Operating System
iOS 17.4.1
My Question or Issue
I'm trying to authenticate using non-PKCE between Spotify iOS SDK and Web API. Every time I try to exchange the auth code for tokens, I get a 400 error and the body
{"error":"invalid_request","error_description":"code_verifier required"}
. However, according to the non-PKCE docs, no code_verifier should be included. My flow is:
1. Use my iOS app and Spotify iOS SDK + Spotify app installed to retrieve the authorization code.
2. Pass that code to my service backend to exchange it for the OAuth tokens (refresh and access).
Swift
```
// Create a SPTSessionManager
let sessionManager = …
sessionManager?.initiateSession(with: scopes, options: .default)
// In my AppDelegate URL processing callback
guard let appRemote = appRemote else { return }
guard let parameters = appRemote.authorizationParameters(from: url) else { return }
guard let access_code = parameters["code"] else { return }
logger.info("Spotify Access Code: \(String(describing: access_code))")
```
All this works, and I see an access code. I then pass that code to my Node.js backend to exchange the code for tokens and store the tokens (so I can make Web API calls later). The called URL is `https://accounts.spotify.com/api/token`.
```
logger.info('Exchanging code for tokens');
const encodedCredentials = this.encodeClientCredentials({
clientId: this.clientId,
clientSecret: this.clientSecret,
});
const response = await this.fetchFunction(this.accessTokenUrl,
{
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
Authorization: encodedCredentials,
},
body: this.generateTokensRequestBody(code),
});
if (!response.ok) {
throw new Error(await response.text());
}
logger.info('Fetch function succeeded, parsing response...');
const data = await response.json();
const accessToken = data.access_token;
const refreshToken = data.refresh_token;
```
This is `generateTokensRequestBody()` seen above:
```
return new URLSearchParams({
grant_type: 'authorization_code',
code,
redirect_uri: this.redirectUri,
});
```
As far as I can tell, I _cannot_ use PKCE because there's nowhere in the iOS SDK to provide the `code_verifier`. If I tried to pass the `code_verifier` when I exchange the code for the tokens, there's no previous call to reference.