Open nop33 opened 3 years ago
It looks like it's going to be possible to handle HTTP requests in canisters starting from v0.7.0. This should allow us to implement OAuth Authorization Code to access private resources and get a Refresh Token.
The bad news is that my assumptions about outbound HTTP requests were wrong ([1][2]). The good news is that we can use Authorization Code Flow with Proof Key for Code Exchange (PKCE) instead. This workflow provides an access token that can be refreshed and is client-side only.
Hints:
Right now, if a Spotify token exists in the browser's localStorage, the Spotify login button is not being displayed and the app cannot communicate with the Spotify API. The code seems to not check for a token expiration.