vercel[bot]
commented
1 year ago The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Updated (UTC) |
|---|---|---|---|
| jamming | ✅ Ready (Inspect) | Visit Preview | Sep 14, 2023 4:21am |
Closed Matdweb closed 1 year ago
vercel[bot]
commented
1 year ago The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Updated (UTC) |
|---|---|---|---|
| jamming | ✅ Ready (Inspect) | Visit Preview | Sep 14, 2023 4:21am |
About this Pull Request
As explain in the #20 ticket we need an
access-tokento start making other requests to the Spotify API. This, after we already have an authenticated user and a validsession-token. Learn more about the app state manager in #21 pull request.Here you will find the step by step of:
How do we retrieve an access token?
First, as explained previously we need a valid
session-token. This is accomplish using theuseSession()from nextAuth, learn about it here, and learn about this app authentication with #14 PR.Once we have the
session-token:In the
SpotifyContextwe created agetAccessToken()function.This function checks IF there's already a valid
access-tokenthen just return it, ELSE request a newaccess-tokenfrom theSpotify API.If we need to request a new
access-tokenwe use therequestAccessToken()functionIn the
Important passing the
requestAccessToken()we make aPOSTrequest to theapi/spotify/accessTokenendpoint of the application. This request should like this:session-tokenin the bodyAt the end, if everything goes right the
accessTokenshould globally be updated to the new value.The expiration process should be handled
And the value should be returned
api/spotify/accessTokenThis endpoint is created to make requests in the backend because of security and best practices. In here we:
retrieve the
refresh-tokenfrom the body of the requestThen we make a
POSTrequest to https://accounts.spotify.com/api/token endpointThe request should look like this:
Being the
SpotifyCredentials.basicthe basic 64-bits combination betweenSPOTIFY_CLIENT_ID&SPOTIFY_CLIENT_SECRET.At the end, if everything goes right we should return a
NextResponsewith theaccess_tokenand theexpiration-timeStorage in SpotifyContext
Now, everytime the
getAccessToken()is called anyware. This checks if there's an access-token. If there's not, then request it. So, by making the call to this function, in the client, the state should always be updated with a valid value.How to retrieve the access token in the client?
useSession()methodsession-tokenin the session, like this:session?.token.accessTokenspotifyContextusing theuseContext(), learn more heregetAccessToken()form the Contextrefresh-tokenas parameterThis should look like this:
Test
As established in ticket #20 a test for this functionality was created with the
'Save this in Spotify'Button IMPORTANT: the tokenexpiration-timewas reduced for test purposes, but in the final code we set the right time expiration