spotipy-dev / spotipy

A light weight Python library for the Spotify Web API
http://spotipy.readthedocs.org
MIT License
5.05k stars 960 forks

How to manually delete refresh token after it has been revoked by Spotify by a password change. #711

Open kwakubiney opened 3 years ago

kwakubiney commented 3 years ago

So I changed my Spotify password and then tried using the Spotify API, but I kept getting hit with error: invalid_grant, error_description: Refresh token revoked. I tried looking through the codebase to find an implementation which deletes this refresh token and replaces it with a new one after a new authorization code is gotten from Spotify on a subsequent API request. I couldn't find a way around this, although I have not really thought it through. I assumed there'll be an implementation for this in Spotipy.

The code responsible for handling authorization code for access token and refresh token

    def login(request):
        if request.GET.get("code"):
            code = request.GET.get("code")
            request.session["access_token"] = oauth.get_access_token(code)

I expected Spotipy to delete old refresh token and create new one.

http://127.0.0.1:8000/accounts/spotify/login/callback/?code=AQApWwuisQLoorWTU69_36X_61mP-LFpoOCp6L2f_m7T6pXcQcqIcRmU1WXP4IODuZ8ISJzkU3fjF80fZx21_Zxw6QnwJMoK45Pkqh95TgG-Xe_xS8KwsKB8z1jzVcNyTotKdmO4YmxfnUvJu_Pp4hrGjoK9VI-cuGqDYPtwBogYqfUPqsfyRE-F1xJ1Z3F1rOXn3yW3IWuLbA&state=VYgl7i4tteOl
3.1.3
SpotifyOauthError
error: invalid_grant, error_description: Refresh token revoked
C:\Users\Kwaku Biney\Desktop\sparison-1\project\venv\lib\site-packages\spotipy\oauth2.py, line 576, in refresh_access_token

-Windows

Peter-Schorn commented 3 years ago

What is the type of oauth? Post the code where you create it.

kwakubiney commented 3 years ago

@Peter-Schorn

    import os
    import uuid

    from spotipy.cache_handler import CacheFileHandler
    from spotipy.oauth2 import SpotifyOAuth

    caches_folder = "./.spotify_caches/"
    if not os.path.exists(caches_folder):
        os.makedirs(caches_folder)

    # Create session path with UUID
    def session_cache_path():
        return caches_folder + str(uuid.uuid4())

    cache_path = session_cache_path()

    # Extract UUID from path
    def extract_uuid(cache_path):
        return cache_path[18:]

    # Token info (access token and refresh token) is stored in the file at cache_path
    cache_handler = CacheFileHandler(cache_path=cache_path)
    oauth = SpotifyOAuth(
        redirect_uri="http://127.0.0.1:8000/accounts/spotify/login/callback/",
        scope='user-library-read',
        cache_handler=cache_handler)

Peter-Schorn commented 3 years ago

Just delete the cache file at cache_path. That's where the token info is stored.

kwakubiney commented 3 years ago

@Peter-Schorn okay will try that.

jac0b-w commented 3 years ago

I have had a similar issue where changing the API keys doesn't remove the existing cache and there's no easy way to detect if the API keys have changed just from the cache file. Is there an easier way to know if the cache is outdated/revoked or will I have to keep track of if the API keys have changed myself?

Peter-Schorn commented 3 years ago

By "API keys" are you referring to the client id and client secret? If so, then it is your responsibility to maintain a separate cache file for each client id and client secret. If you don't then there will be no way to tell after the fact which client id and secret each cache file corresponds to. Remember, you can manually specify a path for the cache file.

jac0b-w commented 3 years ago

Ah that makes sense. Any suggestions on how to name the cache file for each client id/client secret pair? My initial thought is to hash the keys to make it unique but there might be a better way.

Peter-Schorn commented 3 years ago

How many different client ids and secrets do you have? You shouldn't need more than one.
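
The two suggestions in this thread (delete the cache file once the refresh token is revoked, and keep one cache file per client id) combined in one sketch. This is an added example, not code from the thread or from Spotipy: `cache_path_for`, `refresh_or_reset` and `demo` are hypothetical names, `OauthError` is a stand-in that only mirrors the `error` attribute of Spotipy's `SpotifyOauthError`, and the token values are constructed.

```python
import hashlib
import os
import tempfile


class OauthError(Exception):
    """Stand-in with the same .error attribute as spotipy's SpotifyOauthError."""

    def __init__(self, message, error=None):
        super().__init__(message)
        self.error = error


def cache_path_for(client_id, session_id, folder="./.spotify_caches/"):
    """One cache file per (client id, session). Only the client id is hashed;
    the client secret is never used to build a file name."""
    tag = hashlib.sha256(client_id.encode()).hexdigest()[:16]
    return os.path.join(folder, f"{tag}-{session_id}")


def refresh_or_reset(refresh, cache_path):
    """Call refresh(); if the server answers invalid_grant, delete the cached
    token file and return None so the caller restarts the authorization flow."""
    try:
        return refresh()
    except Exception as exc:
        if getattr(exc, "error", None) != "invalid_grant":
            raise  # network errors etc. must not wipe a still-valid token
        try:
            os.remove(cache_path)
        except FileNotFoundError:
            pass  # already gone, nothing to clean up
        return None


def demo():
    """Constructed scenario: a cached token whose refresh token was revoked."""
    def revoked():
        raise OauthError("Refresh token revoked", error="invalid_grant")

    with tempfile.TemporaryDirectory() as folder:
        path = cache_path_for("constructed-client-id", "session-1", folder)
        with open(path, "w") as fh:
            fh.write('{"refresh_token": "constructed-value"}')
        result = refresh_or_reset(revoked, path)
        return result, os.path.exists(path)
```

In a real view, `refresh` would be a callable wrapping the Spotipy refresh call, and a `None` result means the user has to be sent through the login redirect again.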