Search code examples
pythonpython-3.xoauth-2.0spotifyapi-design

Spotify API fetch authorization code from redirect_uri

I'm trying to get authorization for my app and my Spotify account. Don't need the feature working inside the app for every user. Because there is no app yet. Just want to try some things first. And now I'm aware of spotipy, I should probably use the library. At first, I was trying just paste links in the browser following the instruction below. The first step works fine. But when I'm trying to exchange auth code with token I'm always getting an error. I'm thinking maybe the auth code has an extremely short lifetime, and it's always too late when I've pasted auth code in the new link.

So, the question is: could I somehow fetch the code that appears in the redirect_uri after performing GET request, and then pass it as one of the parameters to the POST request.

The guide from spotify - https://developer.spotify.com/documentation/general/guides/authorization-guide/#authorizaton-code-flow

import requests
import config
import secrets
import string


URL_AUTH = 'https://accounts.spotify.com/authorize'
URL_TOKEN = 'https://accounts.spotify.com/api/token'
symbols = string.ascii_lowercase + string.digits
STATE = ''.join(secrets.choice(symbols) for _ in range(12))

params_auth = {
                'client_id': config.CLIENT_ID,
                'response_type': 'code',
                'redirect_uri': 'https://example.com/callback',
                'scope': 'user-read-currently-playing',
                'state': STATE
}

data_token = {
                'grant_type': "authorization_code",
                # how can I get the auth code 'code': auth_code,
                'redirect_uri': 'https://example.com/callback',
                'client_id': config.CLIENT_ID,
                'client_secret': config.CLIENT_SECRET
}

app_auth = requests.get(url=URL_AUTH, params=params_auth)

access_token = requests.post(url=URL_TOKEN, data=data_token)
Solution

  • https://accounts.spotify.com/authorize isn't an address your program is meant to make a request to. You're meant to open this page in a web browser for your user to log in and grant your app permission to do stuff on their behalf. Once the user is finished, and has either accepted or rejected your app's request for permission, they will be redirected to the redirect url, where you will receive an authorization code, which you can exchange for an auth token and a refresh token as you do in your second request.

    The whole authorization code flow is documented here. It's worth also looking at the Implicit Grant flow, which is a little simpler, and may fit your purposes.

    Spotipy has methods built in for these auth flows, so you may find it easier to use the library.