Spotify's Authorization Code Flow For Dummies

It took me a long while to get authorization right for Melrady. This is a top-down view of how I got everything to a working state using Spotify's Authorization Code Flow and Spotify Web API Node.

Spotify provides this neat lil' chart for how exactly the Authorization Code Flow should go for your application, which is neat! But to me, it wasn't entirely straightforward on what you could expect during the whole process. I can't cover every factor of how your app's auth can/should/could be implemented, but I can at least provide a good gist of what you'll be going through here.

Also, I think there are some flaws in the chart. Particularly, it doesn't mention refresh tokens and the bottom half is kind of unclear.

1. Have the user click a link that leads to a /login endpoint, which sends the user to a Spotify Account Login page.
2. After logging in, the user is sent to whatever page you designated for the redirect in your link.
3. Spotify will send the user back with some special information in the request query.
4. Take the authentication code from the request's query and convert it into access and refresh tokens. Here you also validate a state variable for XSS safety reasons.

[Image: Spotify login page]
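The /login and callback steps described above, as an added example in plain Node.js (not code from the original post or from Melrady). The `session` object stands in for the app's per-user session store, and the function names, client ID and redirect URI are assumptions.

```javascript
const crypto = require('crypto');

// /login step: create a one-time state, remember it in the user's session,
// and build the Spotify authorize URL the user is redirected to.
function buildLoginRedirect(session, { clientId, redirectUri, scopes }) {
  const state = crypto.randomBytes(16).toString('hex');
  session.oauthState = state;
  const params = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    scope: scopes.join(' '),
    redirect_uri: redirectUri,
    state,
  });
  return `https://accounts.spotify.com/authorize?${params}`;
}

// Callback step: check the query Spotify sent back before the code is traded
// for tokens. The state ties the callback to the session that started login.
// Returns { ok: true, code } or { ok: false, reason }.
function checkCallback(session, query) {
  const expected = session.oauthState;
  delete session.oauthState; // single use, even when the check fails
  if (typeof expected !== 'string' || typeof query.state !== 'string') {
    return { ok: false, reason: 'state_missing' };
  }
  const a = Buffer.from(expected);
  const b = Buffer.from(query.state);
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
    return { ok: false, reason: 'state_mismatch' };
  }
  if (typeof query.error === 'string') { // e.g. the user declined the prompt
    return { ok: false, reason: `spotify_error:${query.error}` };
  }
  if (typeof query.code !== 'string' || query.code === '') {
    return { ok: false, reason: 'code_missing' };
  }
  return { ok: true, code: query.code };
}

// Constructed demo values, not real credentials.
const demoSession = {};
const demoConfig = { clientId: 'demo-client-id', redirectUri: 'http://localhost:3000/callback', scopes: ['user-top-read'] };
console.log(buildLoginRedirect(demoSession, demoConfig));
```

Only when `checkCallback` returns `ok: true` should the code be handed to the token exchange, for example `authorizationCodeGrant(code)` in Spotify Web API Node.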