JohnnyCrazy / SpotifyAPI-NET

:sound: A Client for the Spotify Web API, written in C#/.NET
http://johnnycrazy.github.io/SpotifyAPI-NET/
MIT License
1.52k stars 309 forks

User authentication for a mobile app #379

Closed ColorTwist closed 5 years ago

ColorTwist commented 5 years ago

Hey,

Started to try SpotifyAPI-NET, great work! I do have a question. In order to retrieve a user's playlists I use:

    Paging<SimplePlaylist> userPlaylists = api.GetUserPlaylists(userSpotifyUserName);

Beforehand I use SecretId/ClientId to receive a token, like in the examples which are provided in this git.

I want to show user playlists on my Android app. Is it common to prompt the user to input his/her Spotify username to be able to populate userSpotifyUserName?

Saik19922 commented 5 years ago

To easily retrieve user-specific information you should authenticate via Implicit/Authentication Workflow. To do that you will need to somehow get a browser/server pair running. I did have issues getting this to work for Xamarin - you can also try using Local API or Spotify's Android/iOS SDK.

ColorTwist commented 5 years ago

Thanks for the reply. For a mobile application, which authentication method do you recommend?

Saik19922 commented 5 years ago

It really depends on what you intend to do.

I know that if you only need playback/user info etc. on that device I would go for Local API as that's the least user interaction. Please check Local API's limitations for that.

If you need access to other devices I would go for TokenSwap authentication. This definitely needs a webserver however, but the TokenSwap Factory is quite good especially with auto refresh.

After all, I'd really advise you to go with Spotify's SDK (found here). This does need you to go with Java/Android Studio, but the swap from C# to Java isn't that horrible. And their auth library handles Local API quite well.

Hope this did help.

ColorTwist commented 5 years ago

I see, thanks. Well, I just need to log in the user, get his playlists and add tracks to the playlist. I did manage to use 'AuthorizationCodeAuth' with a local redirect, but on mobile it won't open the browser to authenticate. I guess it's a common issue?

Saik19922 commented 5 years ago

Wouldn't say it's an issue - rather expected behaviour.

As you're unable to either open a browser via C# on an Android device (assuming you develop for Android) or even host a server, most of the stuff here simply won't work. Also the .NET LocalAPI is deprecated/removed as of #254.

Your best and easiest bet developing for android is, as I said before, going with Spotify's Android SDK which works flawlessly. I may be very wrong at it being your best bet, but it is surely the easiest way.

If you're on iOS there's also an SDK available.

ColorTwist commented 5 years ago

> unable to either open a browser via c# on an Android Device (assuming you develop for android)

Yeah, I can't open a browser on the Android device. I believe if I can make the browser open under Android it might work without using Spotify's Android SDK. Oh, and I am trying to implement this on Unity, so I can't use the SDK from the link you provided :\

rollersteaam commented 5 years ago

@ColorTwist Are you sure there isn't an embedded web browser element that you can use? I know Xamarin has a WebView, I've been using it for my own mobile project and used TokenSwap factory to pull that off.

If you're using Unity to do it then you'll need to find a way to open a web page within the game. It's definitely possible, it's just difficult. A plugin exists but it's very expensive. An answer I read about said if you could get a web page as a byte array (byte[]) you would be able to display it as a texture inside the game. Not an unreasonable shout given what System.Web can do.

Just some guidance for if you do use TokenSwapWebAPIFactory: you'll need to change the HostServerUri property to "http://127.0.0.1:4002", mobile phones do NOT like you using "localhost". Additionally, while setting up a server that will handle the token swapping might seem like hard work and very stressful, the documentation goes pretty in-depth on how to do it and even links to php and Heroku (a server hosting service, maybe an easier option than php, example is coded in Ruby) examples so you don't need to do server-side coding yourself.

ColorTwist commented 5 years ago

hey @rollersteaam Thanks for the feedback.

    auth.Start();
    auth.OpenBrowser();

What does auth.OpenBrowser(); actually open? Is it a specific URL that auth.Start() generates? I might be able to open HTML with Unity if I investigate a bit more, like with the plugin you suggested.

Oh I see, it opens something like: https://accounts.spotify.com/en/authorize/?client_id=123456789&response_type=code&redirect_uri=http:%2F%2Flocalhost:4002&state=d22d534d3&scope=playlist-modify-public .....................

Is it possible to get that URL from auth somehow, and open this URL directly without using auth.OpenBrowser();?

Saik19922 commented 5 years ago

Auth.GetUrl();/Auth.Url if I recall correctly. You may want to check source for that.

If you get that URL you can just put it into any sort of WebView/Browser - assuming you have the localhost/127.0.0.1:4002 server running.
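When the authorize URL is loaded in a WebView rather than through auth.OpenBrowser(), the app itself sees the redirect back to the registered redirect_uri, so it should confirm the redirect origin and the returned state before using the code. An added example, not part of the thread and not SpotifyAPI-NET code; OAuthCallback, NewState and ExtractCode are hypothetical names, and the sample callback URL is constructed:

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example (hypothetical helper, not part of SpotifyAPI-NET).
public static class OAuthCallback
{
    // Unpredictable per-request value to send as the `state` parameter of the authorize URL.
    public static string NewState()
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
    }

    // Returns the authorization code, or throws if the URL is not a valid callback for this request.
    public static string ExtractCode(string navigatedUrl, string redirectUri, string expectedState)
    {
        var url = new Uri(navigatedUrl);
        var expected = new Uri(redirectUri);
        // Accept only the registered redirect origin: "localhost" and "127.0.0.1" are different hosts.
        if (url.Scheme != expected.Scheme || url.Host != expected.Host || url.Port != expected.Port)
            throw new InvalidOperationException("Not the registered redirect URI.");

        var query = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var pair in url.Query.TrimStart('?').Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            query[Uri.UnescapeDataString(kv[0])] = kv.Length > 1 ? Uri.UnescapeDataString(kv[1].Replace('+', ' ')) : "";
        }
        // A missing or different state means the response does not belong to the request we started.
        if (!query.TryGetValue("state", out var state) || !string.Equals(state, expectedState, StringComparison.Ordinal))
            throw new InvalidOperationException("State mismatch; discarding callback.");
        if (query.TryGetValue("error", out var error))
            throw new InvalidOperationException("Authorization failed: " + error);
        if (!query.TryGetValue("code", out var code) || code.Length == 0)
            throw new InvalidOperationException("No authorization code in callback.");
        return code;
    }

    public static void Main()
    {
        string state = NewState();
        // Constructed callback URLs; SAMPLE_CODE is a placeholder, not a real authorization code.
        Console.WriteLine(ExtractCode("http://127.0.0.1:4002/?code=SAMPLE_CODE&state=" + state, "http://127.0.0.1:4002", state));
        try { ExtractCode("http://127.0.0.1:4002/?code=SAMPLE_CODE&state=other", "http://127.0.0.1:4002", state); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```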

ColorTwist commented 5 years ago

Yeah, it's Auth.GetUrl(), thanks.

I am using AuthorizationCodeAuth, or at least trying to use it with Unity. I don't have a server running at localhost/127.0.0.1:4002; I assumed it's just a generic setting used from the Spotify app settings to make AuthorizationCodeAuth work.

rollersteaam commented 5 years ago

Yeah, AuthorizationCodeAuth creates a server on your device that Spotify redirects its access token to, therefore resulting in your application receiving the token (because AuthorizationCodeAuth waits for it) and then it allows the Spotify playback control and every other feature. But that's all the logic SpotifyAPI-NET does, so you don't need to worry about it.

If you find that the default settings aren't working for your mobile device, you can always change this here:

    AuthorizationCodeAuth auth = new AuthorizationCodeAuth(
      _clientId,
      _secretId,
      "http://localhost:4002", // Change both of these to "http://127.0.0.1:4002" instead
      "http://localhost:4002",
      Scope.PlaylistReadPrivate | Scope.PlaylistReadCollaborative
    );

JohnnyCrazy commented 5 years ago

I'm not sure if local HTTP servers are supported on mobile devices. If it's not working and you need long-living tokens, I suggest using a backend server which does the token exchange stuff. You can use https://johnnycrazy.github.io/SpotifyAPI-NET/auth/token_swap.html#using-tokenswapwebapifactory for example.