Serenata27
commented
7 months ago Imported Spotify sdk
Open wlu314 opened 7 months ago
Serenata27
commented
7 months ago Imported Spotify sdk
wlu314
commented
7 months ago This code includes the SpotifyAPI package and the ConnectSpotifyPage.java
User initiates login: The user clicks on the login button (R.id.spotify_login_btn) in the ConnectSpotifyPage activity, which triggers spotifyHandler.initiateLogin().
Spotify login and authorization: initiateLogin() builds and sends an authentication request to Spotify. If the user authorizes your application, Spotify redirects the user back to your application with an intent that contains the authorization code or access token
Handling the redirect: The Android system calls onNewIntent(Intent intent) in the ConnectSpotifyPage activity, providing the intent that contains the URI with the authentication response. onNewIntent then calls spotifyHandler.handleIntent(intent).
Processing the authentication response: handleIntent extracts the data from the URI and processes the authentication response. If the authentication is successful and an authorization code is received, it calls requestAccessToken(authorizationCode) to exchange the authorization code for an access token. If the response contains an access token directly, it can notify the listener immediately.
Exchanging the authorization code for an access token: The requestAccessToken method sends a request to Spotify's /api/token endpoint to exchange the authorization code for an access token and, if successful, notifies the listener by calling onTokenReceived(accessToken).
Fetching user information: Once the access token is received, onTokenReceived is called, which triggers fetchUserInformation(accessToken) to retrieve the user's Spotify profile information.
Navigation: Finally, after the user's information is fetched, onTokenReceived navigates the user to another activity (e.g., Statistics).
Hardcoded Credentials: CLIENT_ID and REDIRECT_URI should be removed for security reasons. Consider using a more secure way to store and retrieve these values, perhaps through environment variables or a configuration file that's not included in your version control.
Error Handling: While there is some basic error handling, I consider more detailed error management. For example, I could log or handle different HTTP response codes differently or manage exceptions more granularly.
Security: Ensure handling the refresh token securely. Storing it in SharedPreferences is okay for a simple application but consider encrypting sensitive information.
Callback Interface Null Checks: I am already checking if listener is null before calling methods on it, which is good. Make sure this pattern is consistently applied wherever needed.
Refreshing Tokens: The code handles receiving and storing a refresh token but doesn't demonstrate how to use this token to refresh an expired access token. Implementing a refresh flow will be necessary for a seamless user experience.
As the user first opens the app, if the user doesn't have an account, they will create a new account and login into Spotify. The entered information should be stored in our database. If user already has an account, checked after the splash screen, then user will be prompted to the home page.