spotify / web-api-examples

Basic examples to authenticate and fetch data using the Spotify Web API
Apache License 2.0

Client secret key is not used in get_user_profile? #110

Open heydarshahi opened 1 year ago

heydarshahi commented 1 year ago

Hi!

I was playing around with the get_user_profile example and realized that the client secret key is not used in the authentication process. I thought this was necessary for authentication. Does that mean it's not the case? Thanks for the help in advance!

Amin

ryandougc commented 1 year ago

The get_user_profile example uses the "authorization code with PKCE" method, which you can read about here. It is meant for client-side authorization, in situations where the client secret cannot be stored securely. It uses a verification method instead of the client secret.
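
Added example (not part of the thread and not code from spotify/web-api-examples): a Node.js sketch of the verification method PKCE uses in place of the client secret, following the S256 transform from RFC 7636. `ToyAuthServer`, `makeVerifier`, `challengeFor` and the client id are hypothetical names and constructed values; the server is an in-memory stand-in, not Spotify's implementation.

```javascript
const crypto = require('node:crypto');

// Client: fresh random code_verifier per login (32 bytes -> 43 URL-safe chars).
function makeVerifier() {
  return crypto.randomBytes(32).toString('base64url');
}

// S256 transform from RFC 7636: BASE64URL(SHA-256(code_verifier)).
function challengeFor(verifier) {
  return crypto.createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Hypothetical in-memory authorization server (not Spotify's implementation).
class ToyAuthServer {
  constructor() { this.pending = new Map(); }

  // /authorize: remember which challenge this authorization code is bound to.
  authorize(clientId, codeChallenge) {
    const code = crypto.randomBytes(16).toString('hex');
    this.pending.set(code, { clientId, codeChallenge });
    return code;
  }

  // Token exchange: no client secret; the verifier must hash to the challenge.
  exchange(clientId, code, codeVerifier) {
    const grant = this.pending.get(code);
    this.pending.delete(code); // codes are single-use, even on failure
    if (!grant || grant.clientId !== clientId) return { error: 'invalid_grant' };
    if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(codeVerifier)) return { error: 'invalid_request' };
    const expected = Buffer.from(grant.codeChallenge);
    const actual = Buffer.from(challengeFor(codeVerifier));
    const ok = expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
    return ok ? { access_token: crypto.randomBytes(16).toString('hex') } : { error: 'invalid_grant' };
  }
}

function demo() {
  const server = new ToyAuthServer();
  const clientId = 'constructed-client-id'; // public value, constructed for the example
  const verifier = makeVerifier();          // never leaves the app until token exchange
  const challenge = challengeFor(verifier); // only this hash travels in the authorize URL
  // Someone who intercepts the code but not the verifier cannot redeem it.
  const intercepted = server.exchange(clientId, server.authorize(clientId, challenge), makeVerifier());
  const legit = server.exchange(clientId, server.authorize(clientId, challenge), verifier);
  return { intercepted, legit };
}

console.log(demo());
```

The per-login verifier plays the role the client secret would otherwise play, but it is generated at runtime and never shipped inside the app bundle.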