Open m4ndycheung opened 5 months ago
I've tried this: https://www.viwizard.com/spotify-music-tips/embed-spotify-playlist-on-website.html, maybe it was obvious but we don't need authorization to see a playlist. The Client Credentials seem like a puzzle piece of the larger authorization picture I think 🤔.
User Resources includes anything to do with a user such as:
Client Credentials required to use the Spotify API It allows access to the spotify data which does not relate to a user such as album, artist or song details stored on spotify
Confirm what Authorization we need for creating playlists and adding songs to that playlist For adding songs to a playlist/creating a playlist using the API, we need access to the user resources so the authorisation code flow needs to be followed (https://developer.spotify.com/documentation/web-api/tutorials/code-flow)
Confirm what Authorization is needed to get playlist from the Master Account and display it on our website Since we are not using the API to get the playlist (using embed player), we do authorisation (as Mandy mentioned above)
Authorization Code Flow
From the guide the only reason not to use the standard Authorisation Flow and opt for PKCE is when the Client secret cannot be stored safely. Since we can use .environment variables to store the secret so that they are not visible, it seems the standard flow can be used
Possible issue we may have:
If we want to automate the add song/create playlist processes later, we may have issues with the authorisation code flow as we will be redirected to the spotify login before accepting and returning to the website.
What we think Spotify Authorization:
To Do:
Dev Notes: