Request token raises invalid_client when using Header Authorization

ryanermita commented 6 years ago

using client_id and client_secret in payload works fine.

@app.route("/auth/callback")
def spotify_auth_callback():

    auth_token = request.args['code']
    request_token_payload = {
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "grant_type": "authorization_code",
        "code": auth_token,
        "redirect_uri": REDIRECT_URI
    }

    request_auth_token = requests.post(SPOTIFY_TOKEN_URL, data=request_token_payload)
    return jsonify(request_auth_token.json()), 200  # returning post response for testing purposes.

but im curious why does spotify raises invalid_client when im passing my base64encoded client id and client secret?

@app.route("/auth/callback")
def spotify_auth_callback():

    auth_token = request.args['code']
    client_credentials = "{}:{}".format(CLIENT_ID, CLIENT_SECRET)
    client_credentials_base64encoded = base64.b64encode(client_credentials.encode())
    headers = {"Authorization": "Basic {}".format(client_credentials_base64encoded), 
               "Content-Type": "application/x-www-form-urlencoded"}
    request_token_payload = {
        "grant_type": "authorization_code",
        "code": auth_token,
        "redirect_uri": REDIRECT_URI
    }

    request_auth_token = requests.post(SPOTIFY_TOKEN_URL, data=request_token_payload, headers=headers)

    return jsonify(request_auth_token.json()), 200

jscholes commented 6 years ago

base64.b64encode returns bytes, not an str. You need to decode it before you can use it in a format string to create your Authorization header.

>>> client_id = 'A_CLIENT_ID'
>>> client_secret = 'A_CLIENT_SECRET'
>>> encoded = base64.b64encode('{}:{}'.format(client_id, client_secret).encode('utf-8'))
>>> type(encoded)
<class 'bytes'>
>>> print('Basic {}'.format(encoded))
Basic b'QV9DTElFTlRfSUQ6QV9DTElFTlRfU0VDUkVU'
>>> print('Basic {}'.format(encoded.decode('utf-8')))
Basic QV9DTElFTlRfSUQ6QV9DTElFTlRfU0VDUkVU

ryanermita commented 6 years ago

ohhh thats why! Thank you @jscholes :+1:

Rajesh559 commented 5 years ago

I want to implement same code in Javascript please help with that For mass payouts in Epayments.

spotify / web-api

Request token raises invalid_client when using Header Authorization #964