m4ndycheung / cyf-stay-tuned-radio

https://stay-tuned-radio-frontend.onrender.com

Research into Spotify Authorization #21

Open m4ndycheung opened 5 months ago

m4ndycheung commented 5 months ago

What we think Spotify Authorization:

To Do:

Dev Notes:

m4ndycheung commented 5 months ago

I've tried this: https://www.viwizard.com/spotify-music-tips/embed-spotify-playlist-on-website.html. Maybe it was obvious, but we don't need authorization to see a playlist. The Client Credentials seem like a puzzle piece of the larger authorization picture, I think 🤔.

ManSangSin commented 5 months ago

User Resources includes anything to do with a user such as:

ManSangSin commented 5 months ago

Client Credentials: required to use the Spotify API.

It allows access to the Spotify data which does not relate to a user, such as album, artist or song details stored on Spotify.

ManSangSin commented 5 months ago

Confirm what Authorization we need for creating playlists and adding songs to that playlist:

For adding songs to a playlist/creating a playlist using the API, we need access to the user resources, so the authorisation code flow needs to be followed (https://developer.spotify.com/documentation/web-api/tutorials/code-flow).

Confirm what Authorization is needed to get playlist from the Master Account and display it on our website:

Since we are not using the API to get the playlist (using embed player), we do authorisation (as Mandy mentioned above).

ManSangSin commented 5 months ago

Authorization Code Flow

From the guide, the only reason not to use the standard Authorisation Flow and opt for PKCE is when the Client secret cannot be stored safely. Since we can use .environment variables to store the secret so that they are not visible, it seems the standard flow can be used.

ManSangSin commented 5 months ago

Possible issue we may have:

If we want to automate the add song/create playlist processes later, we may have issues with the authorisation code flow, as we will be redirected to the Spotify login before accepting and returning to the website.
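
Added example, not part of the thread or the project's code: a server-side sketch of the Authorization Code Flow discussed in the comments above, with the client secret read from environment variables, plus the refresh-token request that lets a server obtain new access tokens without sending the user back through the Spotify login. The environment variable names, the function names and the scope selection are assumptions; the `state` value is expected to be a random string stored in the user's session by the caller.

```javascript
// Assumed env names: SPOTIFY_CLIENT_ID, SPOTIFY_CLIENT_SECRET, SPOTIFY_REDIRECT_URI.
const AUTHORIZE_URL = "https://accounts.spotify.com/authorize";
const TOKEN_URL = "https://accounts.spotify.com/api/token";
const SCOPES = "playlist-modify-public playlist-modify-private";

// Read the client credentials from the environment and fail closed if any is missing.
function loadConfig(env = process.env) {
  const cfg = {
    clientId: env.SPOTIFY_CLIENT_ID,
    clientSecret: env.SPOTIFY_CLIENT_SECRET,
    redirectUri: env.SPOTIFY_REDIRECT_URI,
  };
  for (const [key, value] of Object.entries(cfg)) {
    if (!value) throw new Error(`missing configuration: ${key}`);
  }
  return cfg;
}

// Step 1: URL the browser is redirected to. Only the client ID appears here, never the secret.
function buildAuthorizeUrl(cfg, state) {
  const params = new URLSearchParams({
    response_type: "code",
    client_id: cfg.clientId,
    scope: SCOPES,
    redirect_uri: cfg.redirectUri,
    state,
  });
  return `${AUTHORIZE_URL}?${params}`;
}

// Step 2: validate the callback. The state must match the session value before the code is used.
function readCallback(query, expectedState) {
  if (!expectedState || query.state !== expectedState) throw new Error("state mismatch");
  if (query.error || !query.code) throw new Error("authorization denied");
  return query.code;
}

// Step 3 and later refreshes: server-to-server request, secret sent in the Basic header.
function buildTokenRequest(cfg, grant) {
  const basic = Buffer.from(`${cfg.clientId}:${cfg.clientSecret}`).toString("base64");
  const body = grant.code
    ? { grant_type: "authorization_code", code: grant.code, redirect_uri: cfg.redirectUri }
    : { grant_type: "refresh_token", refresh_token: grant.refreshToken };
  return {
    url: TOKEN_URL, method: "POST",
    headers: { Authorization: `Basic ${basic}`, "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams(body).toString(),
  };
}
```

The object returned by `buildTokenRequest` can be passed to `fetch(req.url, req)` on the server; the refresh token from the first response has to be stored server-side with the same care as the client secret.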