jschr
commented
7 years ago Going with a hardcoded refresh token for simplicity.
Closed jschr closed 7 years ago
jschr
commented
7 years ago Going with a hardcoded refresh token for simplicity.
Would love to support Spotify Player API to get currently playing track but this needs to be done through OAuth (login with your Spotify account)
This means I need a public endpoint for Spotify to redirect to.
Could setup an APIG endpoint and save the access token to dynamo (or elasticache).
Using S3 and APIG redirects I could make a simple (and secure!) workflow for authenticating:
jschr.io/spotify?token={token}-> auth lambda (verify token) -> redirect to spotify login ->user login -> redirect to save access token lambda -> redirect to jschr.ioToken can be a APIG key but need a lambda to verify the query string parameters because APIG auth uses a x-api-key header.
https://developer.spotify.com/web-api/authorization-guide/#authorization_code_flow https://developer.spotify.com/web-api/get-the-users-currently-playing-track/ https://api.producthunt.com/v1/docs http://blog.ryangreen.ca/2016/01/04/how-to-http-redirects-with-api-gateway-and-lambda/ http://stackoverflow.com/a/22750923/1249098