Getting Authorization code or Refresh token? #113
Comments
This SDK can only do what the native SDKs do. At least on iOS obtaining the authorization code is not possible. Not sure about Android. I would like to understand a bit more your scenario. Why do you need to refresh tokens on your own? It is handled by the native SDK. You can just reuse the same token on the web API. Your users won't need to login again. |
My use case is the following:
The reason is that the app could not stay awake to guarantee that it was still following the Spotify activity (at some point Android was killing the process - to save as much battery it can I guess). So I decided to « deport » this activity on an external server. The benefit is that the user can kill his app/phone and the activity is still being followed. |
|
It seems to me that you cannot avoid having to login at least once. It is
the only way to get a refresh token and then send it to you server.
You could also potentially setup a system with push notifications that wake
up the app and send the refreshed access token to your server.
…On Tue 22. Jun 2021 at 13:36, EagleOne33 ***@***.***> wrote:
I'm trying to find a way to get the correct credentials through the
Spotify App in order to avoid to make the user re-enter his Spotify
credentials in the web interface (very often they are logged in Spotify App
and don't even remember their password...).
So I would like to query authorization to the Spotify App and then keep
this alive with a refresh token.
I have found a correct way to do that thanks to a swap service on a server
(https://github.com/bih/spotify-token-swap-service).
But to make that work, I need either the authorization code or the refresh
token.
I understood from another issue that the refresh token could not be
delivered through this sdk.
Is it the same for the authorization code?
I have implemented the native Android Spotify SDK and I could get this
code (unfortunately not the case on iOS).
I was hopping flutter and this SDK could help.
Any idea?
This SDK can only do what the native SDKs do. At least on iOS obtaining
the authorization code is not possible. Not sure about Android.
I would like to understand a bit more your scenario. Why do you need to
refresh tokens on your own? It is handled by the native SDK. You can just
reuse the same token on the web API. Your users won't need to login again.
My use case is the following:
- Through my App you give authorisation to follow your Spotify activity
- from a deported server, the current activity of the user is
followed. Using the credentials retrieved at step above.
The reason is that the app could not stay awake to guarantee that it was
still following the Spotify activity (at some point Android was killing the
process - to save as much battery it can I guess). So I decided to
« deport » this activity on an external server. The benefit is that the
user can kill his app/phone and the activity is still being followed.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#113 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AARX7D62KEQQ2TUFRVBF3ADTUBRT7ANCNFSM47ANEFMQ>
.
|
|
Well on Android I managed to do it with the SDK. MyApp was opening the SpotifyApp for getting the autorisation code and that was it. |
|
iOS and Android use different authentication mechanisms. Just to clarify,
on Android, are you able to get the authorization code without ever
requiring the user to enter his credentials if he we was already logged in
in the app?
…On Tue 22. Jun 2021 at 15:41, EagleOne33 ***@***.***> wrote:
Well on Android I managed to do it with the SDK. MyApp was opening the
SpotifyApp for getting the autorisation code and that was it.
From there I could manage from the server side. Much more convenient from
a user perspective (no need for him to enter again his credentials).
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#113 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AARX7D3DYQSOIX3TDEBCZ2DTUCAGDANCNFSM47ANEFMQ>
.
|
Exactly |
|
Then the Android Spotify app must be storing the username and the password of the user somewhere. That seems questionable from a security standpoint. |
|
If it only works on iOS there is small value |
fotiDim
changed the title
|
As far as I diving deep to the package code, Why don't you export it via the library so we can use it? |
Are you referring to iOS or Android? |
Any platform. I develop application for both platforms. |
|
@Dev-Vinyldepository as far as I know the native Android SDK does not support this. For iOS you can read the comments above. |
This comment has been minimized.
This comment has been minimized.
|
So there is no way in android sdk to get access Token and refresh Token ? |
|
@vikrantyadav7 access Token yes, refresh Token no, last time I checked. Make sure you don't mix up the access Token with the Authorization code. |
|
Is there a way to get the Authorization Code? This way I could obtain the refresh token in my beckend |
|
is there now any possibility to use this package with iOS and android AND obtain the refresh token? What's the use case of being limited on android? |
|
Hi guys, any solution was found for this issue? i need to have with getAccessToken(...) in response also the refreshToken in order to store it in my be, and implement an automatic refresh token system, without any kind of impatc for final user. |
|
@Sbolder you'll most likely have to route it via your backend. That's what we did. |
|
@Jo-Chris a pull request in order to change getAccessToken in order to return also refreshToken is not possible? |
|
@Sbolder this issue is open for over 2 years now, so I don't think this is planned. |
I'm trying to find a way to get the correct credentials through the Spotify App in order to avoid to make the user re-enter his Spotify credentials in the web interface (very often they are logged in Spotify App and don't even remember their password...).
So I would like to query authorization to the Spotify App and then keep this alive with a refresh token.
I have found a correct way to do that thanks to a swap service on a server (https://github.com/bih/spotify-token-swap-service).
But to make that work, I need either the authorization code or the refresh token.
I understood from another issue that the refresh token could not be delivered through this sdk.
Is it the same for the authorization code?
I have implemented the native Android Spotify SDK and I could get this code (unfortunately not the case on iOS).
I was hopping flutter and this SDK could help.
Any idea?
The text was updated successfully, but these errors were encountered: