spotipy-dev / spotipy

A light weight Python library for the Spotify Web API
http://spotipy.readthedocs.org
MIT License

Authentication page pops up every time `spotipy.oauth2.SpotifyPKCE()` is called #864

Open TheMayhem6328 opened 2 years ago

TheMayhem6328 commented 2 years ago

Hello! I can't seem to figure out why the OAuth page pops up every time I call Spotify - trying to use the PKCE method to prevent a client_secret leak. Here's the example code that I'm running:

```python
import spotipy

secret = spotipy.oauth2.SpotifyPKCE(
    "<clientid>",
    "http://127.0.0.1:8000/spotify/callback/",
    cache_handler=spotipy.CacheFileHandler(".cache_sp"),
)
spotify = spotipy.Spotify(auth_manager=secret)

# Build result
query = "This is a test"
result = spotify.search(q=query, type="track")
resultTrack = spotify.track(track_id=result["tracks"]["items"][0]["id"])
resultAlbum = spotify.album(album_id=resultTrack["album"]["id"])
resultFeatures = spotify.audio_features(resultTrack["id"])[0]

# Printout - not actually there in my implementation
print(str(result))
print(str(resultTrack))
print(str(resultAlbum))
print(str(resultFeatures))
```

This code asks for authentication 4 times - I can see that the token is being cached, but why is the script not using cache and re-authenticating every time? I'm new to Spotipy, Spotify API and anything API really, by the way.

Peter-Schorn commented 2 years ago

It looks like there is a bug in which the token info is rejected as invalid if it is not authorized for any scopes. As a workaround, for these endpoints, you can use the SpotifyClientCredentials authorization manager, or authorize for at least one scope.
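A simplified model of the cache check described in the reply above, as an added example that is not part of the thread and not spotipy's own code. It assumes a token obtained with no scopes is cached without a `scope` field; `scope_set`, `decide` and the sample cache entries are hypothetical and constructed for illustration.

```python
import time


def scope_set(scope):
    """Turn a space-separated scope string (or None) into a set."""
    return set(scope.split()) if scope else set()


def decide(cached, requested_scope, tolerate_missing_scope=False, now=None):
    """Return 'reuse', 'refresh' or 'reauthorize' for a cached token entry.

    With tolerate_missing_scope=False this models the behaviour reported in
    the thread: an entry with no 'scope' field is treated as invalid, so the
    authorization page opens again. With True, a missing field is read as
    "no scopes granted", which is still enough for a scopeless request.
    """
    now = time.time() if now is None else now
    if cached is None:
        return "reauthorize"
    if "scope" not in cached and not tolerate_missing_scope:
        return "reauthorize"
    # The cached grant must cover every scope the caller now asks for.
    if not scope_set(requested_scope) <= scope_set(cached.get("scope")):
        return "reauthorize"
    # Assumed safety margin: refresh when under 60 s of lifetime remain.
    if cached["expires_at"] - now < 60:
        return "refresh"
    return "reuse"


# Constructed cache entries (not real tokens).
SCOPELESS = {"access_token": "constructed-access", "token_type": "Bearer",
             "expires_at": 2000, "refresh_token": "constructed-refresh"}
SCOPED = dict(SCOPELESS, scope="user-library-read")

if __name__ == "__main__":
    cases = [
        ("no scope, strict", SCOPELESS, None, False),
        ("no scope, tolerant", SCOPELESS, None, True),
        ("one scope, strict", SCOPED, "user-library-read", False),
    ]
    for label, entry, scope, tolerant in cases:
        print(label, "->", decide(entry, scope, tolerant, now=1000))
```

The tolerant branch never widens a grant: a request for a scope the cached entry does not list still returns `reauthorize`.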

TheMayhem6328 commented 2 years ago

Kinda relieved to know that I haven't been doing anything wrong. This is the workaround I found for now:

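```python
import spotipy

secret = spotipy.oauth2.SpotifyPKCE(
    "<clientID>",
    "http://127.0.0.1:8000/spotify/callback/",
    cache_handler=spotipy.CacheFileHandler(".cache_sp"),
)
# Fetch the token once and pass it in directly (the auth manager is `secret`)
spotify = spotipy.Spotify(auth=secret.get_access_token())

restOfMyCode()  # placeholder for the rest of the script
```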

Still asks for authorization, but now it at least asks for authentication only once per code run instead of every time `spotipy.Spotify()` is called.

TheMayhem6328 commented 2 years ago

> authorize for at least one scope

I overlooked that initially - that works just fine. Thanks for suggesting that!

TheCheddarCheese commented 7 months ago

> It looks like there is a bug in which the token info is rejected as invalid if it is not authorized for any scopes. As a workaround, for these endpoints, you can use the SpotifyClientCredentials authorization manager, or authorize for at least one scope.

Are there plans for this to be fixed? Is it an issue on Spotify's end?