Open dimitris-athanasiou opened 4 years ago
@mdelolmo Hi, I am not sure who to tag, but does this feature have any priority? Or is it not gonna happen in the near future? Being able to refresh the token silently would have a lot of benefits for apps which mainly run in the background, without much user interaction.
Hi @snappdevelopment I'm not currently working on the SDK, but to the best of my knowledge, this feature is not currently in the product backlog.
I've also faced the same problem and it's quite frustrating.
What I ended up doing is handling the auth with AppAuth. It's quite similar to the implementation of the Spotify SDK; the main difference is that instead of using a "login activity" the library uses custom tabs.
Using AppAuth you can retrieve both access and refresh tokens and refresh them as needed. It also supports PKCE for extra security.
@GhimpuLucianEduard does the access token retrieved with app-auth work with the SpotifyRemoteSDK?
@rohit-ganapathy
I've not tried the SpotifyRemoteSDK but as long as it needs a regular Spotify token, yes it will work. AppAuth is basically just an alternative to the Spotify auth library. In theory, you could handle the auth flow even without any libraries.
As @GhimpuLucianEduard suggested, I ended up implementing AppAuth and I've made it a library to make it easy to integrate in apps. The project is a fork from spotify-web-api-android.
Check the needed auth dependency and this section to get access token and silently refresh token in your app.
Hope I'm allowed to share here and hope this helps.
Does this mean that the user should fill in their username and password in order to authenticate, even if they have the Spotify app installed with the logged-in user?
Is there a way to auto-sign the user if they have Spotify installed and get the refresh token?
Has anyone found a solution for this issue?
Not sure if I understood the question correctly here, but I'm using the Spotify Auth SDK to get authorization via the app, without entering the password. The important part is to use the CODE response type and not TOKEN (can't be refreshed): https://spotify.github.io/android-sdk/auth-lib/docs/com/spotify/sdk/android/auth/AuthorizationResponse.Type.html
Once you have the CODE you can transform it to an access and refresh token via the Spotify API: https://accounts.spotify.com/api/token
Example of such a token exchange server: https://github.com/Festify/cordova-spotify-oauth/blob/develop/oauth-token-api/spotifyTokenService.js
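Added example, not part of the thread and not code from Spotify or the linked Festify project: a minimal sketch of the server-side logic behind the CODE exchange and silent refresh described in the comment above. The function names and state shape are hypothetical; the grant parameters are the standard OAuth 2.0 ones the token endpoint accepts, and the client secret is assumed to live only on the server, never in the app.

```javascript
// Added example: server-side helpers for the CODE -> token exchange and refresh.
// Function names are hypothetical; credentials passed in are the caller's own.
const TOKEN_URL = 'https://accounts.spotify.com/api/token';

// Build the POST for either grant. The client secret appears only here, on the server.
function buildTokenRequest(grant, { clientId, clientSecret, redirectUri }) {
  const body = new URLSearchParams();
  if (grant.code) {
    body.set('grant_type', 'authorization_code');
    body.set('code', grant.code);
    body.set('redirect_uri', redirectUri); // must match the URI used to obtain the code
  } else if (grant.refreshToken) {
    body.set('grant_type', 'refresh_token');
    body.set('refresh_token', grant.refreshToken);
  } else {
    throw new Error('grant needs a code or a refreshToken');
  }
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: { Authorization: `Basic ${basic}`, 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Merge a token response into stored state. A refresh response may omit
// refresh_token (RFC 6749 section 6); keep the previous one in that case.
function applyTokenResponse(prev, resp, nowMs) {
  if (!resp.access_token) throw new Error('token response has no access_token');
  return {
    accessToken: resp.access_token,
    refreshToken: resp.refresh_token || (prev && prev.refreshToken) || null,
    expiresAt: nowMs + resp.expires_in * 1000,
  };
}

// Refresh a minute early so a background job never sends an expired token.
function needsRefresh(state, nowMs, skewMs = 60000) {
  return !state || nowMs >= state.expiresAt - skewMs;
}

// Send the request (global fetch, Node 18+) and fold the reply into stored state.
async function requestToken(grant, creds, prev = null) {
  const { url, ...init } = buildTokenRequest(grant, creds);
  const res = await fetch(url, init);
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  return applyTokenResponse(prev, await res.json(), Date.now());
}
```

The app sends the CODE to this service once, then asks it for a fresh access token whenever `needsRefresh` is true; the refresh token and client secret stay server-side.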
There is no way to refresh the authentication token via the SDK. This seems to be an omission that really hinders good user experience, as can be seen in https://github.com/spotify/android-sdk/issues/12#issuecomment-544844910.
This issue is a request to provide a way to refresh the authentication token so that an app can keep working without requesting the user to log in over and over again.