How to get refresh token with spotify oauth

nraboy / ng-cordova-oauth

AngularJS oauth library for use with Apache Cordova projects

https://www.thepolyglotdeveloper.com

MIT License

456 stars 199 forks source link

How to get refresh token with spotify oauth #328

Closed fquirogam closed 7 years ago

fquirogam commented 7 years ago

Is there anyway to get refresh token from the spotify oauth? I'm only getting the accessToken

nraboy commented 7 years ago

Spotify offers an implicit grant solution so it was used in favor of the explicit alternative. Implicit grants do not issue refresh tokens as they are designed for client facing applications.

While some providers in this library use explicit grants, it is best to have them done server side due to the client secret key.

Best,

fquirogam commented 7 years ago

So, for me (since from access_token there is no way to get the refresh token) I have to completely ignore this library and make my own authentication flow?

nraboy commented 7 years ago

Access tokens have expiration times. You have a few options:

Ask the user to sign in again after the token expires
Get the authorization code via the library and complete the flow server side and let your server manage the refresh token
Implement your own oauth flow

I encourage you to read about oauth, implicit grants, and explicit grants and fully understand what is happening with each. Your users will appreciate proper security within your application.

Best,