Using Spotipy in Django Application - access_token is the same for all the users, even with different Spotify accounts.

[Rafael-Rueda]

So, to begin, I have this view which leads me to the beggining of my Spotipy authentication proccess:

from django.conf import settings
from django.shortcuts import redirect, render
from spotipy import Spotify
from spotipy.oauth2 import SpotifyOAuth

def spotify_auth(request):
    if 'token_info' in request.session:
        del request.session['token_info']

    sp_oauth = SpotifyOAuth(
        settings.SPOTIFY_CLIENT_ID,
        settings.SPOTIFY_CLIENT_SECRET,
        settings.SPOTIFY_REDIRECT_URI,
        scope="user-library-read user-top-read user-read-playback-state user-read-recently-played",
    )

    auth_url = sp_oauth.get_authorize_url()
    return redirect(auth_url)

With this, I get a code as a query string in my URL, which is used to receive my access_token to Spotify API. Here is how I use this code to get my access_token:

• Note: My SPOTIFY_REDIRECT_URI leads to this view (rooms), which renders a template.

  def rooms(request):
  
  if 'code' in request.GET:
      sp_oauth_token = SpotifyOAuth(
          settings.SPOTIFY_CLIENT_ID,
          settings.SPOTIFY_CLIENT_SECRET,
          settings.SPOTIFY_REDIRECT_URI,
          scope="user-library-read user-top-read user-read-playback-state user-read-recently-played",
      )
  
      code = request.GET['code']
  
      token_info = sp_oauth_token.get_access_token(code=code)
      print(token_info['access_token']) # Attention to this print.
  
      request.session['token_info'] = token_info
  
  # Other logic here...
  return render(request, "my-rooms-template.html")

  In my print, I can see the access_token provided by the code, provided by the authorization of the user in the Spotify's website. However, if I try to change the Spotify Account, opening a new tab in browser, (anonymous), and try to make the same process, i get an identical access_token as before, even with different Spotify accounts. So all the data i would use in my application, would be from a unique Spotify account, which is not what i want.

If someone know why this is happening, i would be very thankful !

Additional:

When I restart all my project from scratch, then, I do the first spotify authentication into my website, (which the spotify user is in the User Management of my Spotify App). I get as result, the new user information, and a new access token. However, if try to login with a new Spotify user, the token remains the same, and the information is all of my first authenticated user.

I can imagine that there is something like a "cache" of access tokens, or something like that, that i need to clear before making another authentications. I dont know if its real, but any ideas would help me figure out.

Possible Solution:

https://developer.spotify.com/documentation/web-api/tutorials/implicit-flow

Use the implicit flow without Spotipy module. Use requests module instead, to make requests to Spotify API. This worked for me, but I still want to know the answer, why was I receiving the same access token for different users ?

[travesties]

For anyone who is experiencing this problem, Spotipy does in fact cache access tokens. You can disable this when calling get_access_token by passing in the parameter check_cache=False. Here is the source code in question

[dieser-niko]

Hi there, no need to do check_cache=False. You can just use spotipy.cache_handler.DjangoSessionCacheHandler which would bind the token to sessions.