Closed Stefterv closed 1 year ago
Hmmm, that does sound like a bug, I'll do a bit of investigation, sounds like maybe there's an issue with the cached token. Let me know if you do manage to delve deeper and find anything.
It's been fairly painful to replicate as I have to wait an hour every time for the auth token to expire. So far I've repeatedly found run across the first request before the redirect missing the actual Bearer token:
....
Accept-Encoding: gzip, deflate, br
Accept-Language: en-NL,en;q=0.9,en-US;q=0.8,nl;q=0.7,de;q=0.6
Authorization: Bearer
Content-Type: application/json
...
and thus receiving an 400 error:
...
Www-Authenticate: Bearer realm="spotify", error="invalid_request", error_description="Only valid bearer authentication supported"
...
I think I spoke too soon in my pull request #2 and I'm still running into having to authenticate very often when using the Authorization Code Flow with PKCE method.
Right now I have to re-auth every few hours, previously when manually requesting a new token with the refresh token on the server that would be much less often.
Is this an inherent limitation of the auth method? Am I using the library wrong? Or is it a bug?
Normally I would've delved deeper into myself but I figured other people might run into too