I am using the following package: https://pub.dev/packages/spotify_sdk
This package provides the method getAuthenticationToken which returns an access token to spotify to be used with my server to retrieve some spotify's data related with the user:
authenticationToken = await SpotifySdk.getAuthenticationToken(
clientId: dotenv.get('SPOTIFY_CLIENT_ID'),
redirectUrl: dotenv.get('SPOTIFY_AUTH_REDIRECT_URL'),
scope: 'user-read-email, user-top-read',
);
However, this token expires after 1 hours. Is there any way, without front end code (only server side), to refresh this token? What are my options?
There is no direct way to get a refresh token via the package. But there are other ways to get around this limitation. See bypass
Normally the Spotify auth api would include a refresh token, but this feature does not exist in the android sdk (cf: flutter package: #75 Android sdk: #12 #220 #225) although it is supported by the ios as well as the web sdk.
If the app is to be used only from ios or from the web, the maintainers of the flutter package would most likely accept a pr that exposes the refresh methods of the supported platforms even though it would bring little value.
If you are familiar with android development and the feature is important to you, you can try to integrate this feature into the android sdk yourself and then expose it in the flutter sdk.
Here this was already done in a fork:
The maker already opened a pull request but it has no responses yet (opend late 2018).
A way around this would be to store the username and password of the user on the device (or on the server) although this would be bad from a security standpoint.
Another inspiration might be this comment from an android-sdk user who routed authentication through his server.