spotify / web-api

This issue tracker is no longer used. Join us in the Spotify for Developers forum for support with the Spotify Web API ➡️ https://community.spotify.com/t5/Spotify-for-Developers/bd-p/Spotify_Developer

[Problem] Playlists Endpoint returning different results based on Auth Token #1531

Closed OskarEichler closed 4 years ago

OskarEichler commented 4 years ago

Hey guys, just discovered a pretty big problem with data consistency across the Playlists API Endpoint: GET /v1/playlists/{playlist_id}

When calling the API Endpoint via an OAuth Token generated through the web console, or the access token of any user that visits open.spotify.com, the API results are significantly different for some playlists than when using the access token obtained via authenticating with the ClientID & Secret of an App.

For example: When we call '/v1/playlists/37i9dQZF1DXa8NOEUWPn9W' using the OAuth Token generated from within the Web Developer Console (https://developer.spotify.com/console/get-playlist/) it actually returns the real playlist results that are also visible to any user visiting the playlist from within their browser or app. In this case the first track is: Will Clarke - Hallelujah

Doing the exact same call '/v1/playlists/37i9dQZF1DXa8NOEUWPn9W' but using the OAuth Token obtained by authenticating our developer app (https://accounts.spotify.com/api/token), the result is drastically different and the first track now is: Dombresky - Meli-Melo

Steps to reproduce:

Generate Auth Token via: https://open.spotify.com/get_access_token
Then call GET /v1/playlists/{playlist_id} with the returned accessToken as Bearer Token --> Real Playlist Results

Generate Auth Token via: https://accounts.spotify.com/api/token with app credentials
Then call GET /v1/playlists/{playlist_id} with the returned access_token as Bearer Token --> Strange Playlist Results

Expected behaviour: The API results returned via the access_token generated with app client credentials should return the same results as users see in their playlists.

Issue found on April 11th 2020.

Additional thoughts: A workaround would be to generate temporary tokens on the fly via open.spotify.com/get_access_token, but that's firstly not intended and secondly it would always change the snapshot_id of the playlist. That's a different topic, but why is the snapshot_id not consistent for the same playlist across all authentications?

leboff commented 4 years ago

Running into this same thing. Looks like the same thing as #858, and seems to only be an issue with Spotify created playlists.

joshubrown commented 4 years ago

Hi @OskarEichler. Some playlists are personalized, so different users will see different tracks. Tokens you obtain through the client credentials flow are not associated with a user. You can find more information about personalized playlists here.
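
An added example (not part of the thread and not Spotify's code): it builds the client credentials token request and the playlist call discussed above without sending them, then compares two responses for the same playlist ID. The response field names follow the Web API playlist object, the helper names are hypothetical, and the sample responses are constructed, with only the track names taken from the thread.

```python
import base64
import urllib.parse
import urllib.request

TOKEN_URL = "https://accounts.spotify.com/api/token"   # token endpoint named in the thread
API_BASE = "https://api.spotify.com"                    # Web API host

def client_credentials_request(client_id, client_secret):
    """App-only token request: app credentials, no user identity attached."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded"})

def playlist_request(playlist_id, access_token):
    """GET /v1/playlists/{playlist_id}; the call is identical for either token type."""
    path = "/v1/playlists/" + urllib.parse.quote(playlist_id, safe="")
    return urllib.request.Request(API_BASE + path, headers={
        "Authorization": f"Bearer {access_token}"})

def track_labels(playlist):
    """'Artist - Title' per entry, skipping entries whose track is null."""
    return [f'{t["artists"][0]["name"]} - {t["name"]}'
            for t in (i.get("track") for i in playlist["tracks"]["items"]) if t]

def compare_views(app_view, user_view):
    """Summarise how two responses for the same playlist ID differ."""
    a, u = track_labels(app_view), track_labels(user_view)
    return {
        "same_snapshot": app_view["snapshot_id"] == user_view["snapshot_id"],
        "same_order": a == u,
        "first_track": {"app": a[0] if a else None, "user": u[0] if u else None},
        "only_in_app_view": sorted(set(a) - set(u)),
        "only_in_user_view": sorted(set(u) - set(a)),
    }

def sample_view(snapshot_id, *tracks):
    """Constructed sample response holding only the fields used above."""
    items = [{"track": {"name": n, "artists": [{"name": ar}]}} for ar, n in tracks]
    return {"snapshot_id": snapshot_id, "tracks": {"items": items + [{"track": None}]}}

# Constructed data: track names are from the thread, snapshot IDs are made up.
APP_VIEW = sample_view("constructed-snapshot-app", ("Dombresky", "Meli-Melo"))
USER_VIEW = sample_view("constructed-snapshot-user", ("Will Clarke", "Hallelujah"))

if __name__ == "__main__":
    print(compare_views(APP_VIEW, USER_VIEW))
```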