elliotwms
commented
2 years ago Implicit grant bad https://oauth.net/2/grant-types/implicit/
Let's look at authorisation code flow with PKCE instead https://developer.spotify.com/documentation/general/guides/authorization/code-flow/
As the application is short-running, there's no need for a full authorisation code flow.
Implementing the implicit grant flow removes the requirement for a client-side secret, which means we can bundle the client ID into the application, and there's no need for users to create their own Spotify app
Requirements
opml-to-spotifyapplication client ID into the build (nice to have if Spotify approve the application)