Now that we have a high-level understanding of what OAuth is for and how it works, let's take a closer look at how OAuth works with the Spotify API.

Spotify's Authorization Flows

According to Spotify's Authorization Guide, there are four possible flows for obtaining app authorization:

Authorization Code Flow With Proof Key for Code Exchange (PKCE)

Each of these flows provides a slightly different level of authorization due to the way it is granted. For example, the Implicit Grant Flow can be implemented entirely client-side (no server), but it does not provide a refresh token. The Client Credentials Flow is used for server-to-server authentication, but authorization does not grant permission to access user resources. They all follow the OAuth flow we learned in the last lesson, but each has its own variation.

Out of all four of these flows, the Authorization Code Flow is the only one that lets the client access user resources, requires a server-side secret key (an extra layer of security), and provides an access token that can be refreshed. The ability to refresh an access token is a big advantage - users of our app will only need to grant permission once.

Below, we'll be going step-by-step through how to build out this flow with Node and Express. Note that we'll be heavily referring to Spotify's official documentation of the Authorization Code Flow. We'll also be pulling from the Web API Auth Examples, which is referred to in Spotify's official web API tutorial.

Set up environment variables

Before making any requests to Spotify, we first need to make sure we have our app's client ID and client secret from the Spotify Developer Dashboard.

POST https: ///api/token

Similar to the /authorize endpoint, the /api/token endpoint has required body parameters. When sent along in the body of the POST request, they need to be encoded in the application/x-www-form-urlencoded format. The three params required for the /api/token endpoint are grant_type, code, and redirect_uri.

- code: The authorization code (the code query param on the /callback URL)
- redirect_uri: The REDIRECT_URI (

The token endpoint also has a required Authorization header, which needs to be a base 64 encoded string in this format: Authorization: Basic.
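The token request described on this page, built but not sent, as an added Node example that is not code from the original tutorial or from Spotify. The env var names `CLIENT_ID` and `CLIENT_SECRET`, the helper names, the `accounts.example` host, and the `client_id:client_secret` pairing inside the Basic header (the standard HTTP Basic layout) are assumptions.

```javascript
// Added example. Env var names CLIENT_ID and CLIENT_SECRET are assumptions;
// REDIRECT_URI is the name the page uses.
function loadConfig(env) {
  const missing = ['CLIENT_ID', 'CLIENT_SECRET', 'REDIRECT_URI'].filter((k) => !env[k]);
  if (missing.length) throw new Error(`missing env vars: ${missing.join(', ')}`);
  return { clientId: env.CLIENT_ID, clientSecret: env.CLIENT_SECRET, redirectUri: env.REDIRECT_URI };
}

// Build (but do not send) the POST /api/token request for the given authorization code.
function buildTokenRequest(tokenUrl, config, code) {
  if (new URL(tokenUrl).protocol !== 'https:') {
    throw new Error('token endpoint must be https: the request carries the client secret');
  }
  if (typeof code !== 'string' || code === '') {
    throw new Error('no authorization code on the /callback URL');
  }
  // URLSearchParams serializes to application/x-www-form-urlencoded.
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: config.redirectUri,
  }).toString();
  // Assumption: standard HTTP Basic credentials, base64("client_id:client_secret").
  const basic = Buffer.from(`${config.clientId}:${config.clientSecret}`).toString('base64');
  return {
    url: tokenUrl,
    method: 'POST',
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      Authorization: `Basic ${basic}`,
    },
    body,
  };
}

// Copy of the request that is safe to log: the secret and the one-time code are masked.
function redactForLog(req) {
  return {
    ...req,
    headers: { ...req.headers, Authorization: 'Basic [redacted]' },
    body: req.body.replace(/(^|&)code=[^&]*/, '$1code=[redacted]'),
  };
}

// Constructed sample values; accounts.example is a placeholder host.
const sampleEnv = { CLIENT_ID: 'abc', CLIENT_SECRET: 's3cret', REDIRECT_URI: 'http://localhost:8888/callback' };
const sampleReq = buildTokenRequest('https://accounts.example/api/token', loadConfig(sampleEnv), 'AQ+x/y z');
console.log(redactForLog(sampleReq));
```

In an Express app the returned object would be handed to the HTTP client inside the `/callback` handler, and only the redacted copy written to logs.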