Reputation: 3798
I'm using Spotipy to get some Spotify data from an authorized user but I can't understand how to authorize my account.
Am I correct in thinking that a server is required that hosts something at http://www.myapp.com/callback ? What needs to be returned? Maybe I'm completely missing something here... I'm very confused by the whole required redirect URI thing...
I am trying to make a program, without a website, so how should I handle authorization? What exactly should the redirect URI do?
Thanks
Edit:
Using http://localhost:8888/callback as my redirect URI now and that works. I'm not even sure why since nothing is running on that port.
Upvotes: 2
Views: 6219
Reputation: 6395
Disclaimer: I know nothing about Spotify's API. But I have worked with similar APIs in the past (or even designed them). What I assume is that they use some kind of OpenID/OAuth authorization mechanism.
The very nature of these APIs is that they work through the browser! The idea is that MyApp doesn't have your actual Spotify credentials, but instead some signed token it can use.
To communicate this token to MyApp, there are the server-callbacks, outlined in your question. Because all the browser can do is to redirect to a special URL you provide, with some info added.
So there are conceptually two ways to deal with this:
1. The easy, server-based one: you in fact register a myapp.com. When your app tries to authorize with Spotify, it first creates a unique resource (myapp.com/authrequests/HASH-NUMBER), and communicates this as callback. Then it goes through the motions of making Spotify authorize it, and once these are finished, there will have been a call to myapp.com/authrequests/HASH-NUMBER/ADDITIONAL-INFO. So while your app is waiting for this to happen, it has to poll (or open a websocket and listen to that) myapp.com. Complicated? Wait, it gets better!
2. The harder, OS-dependent one: you write an application that registers itself as protocol-provider with your browsers. E.g. my company does that with the protocol "ableton". Thus we can make the browser generate "ableton://AUTHORIZATION-REQUEST-RESULT" URLs which will then be communicated through Browser and OS to the running application, and thus you receive the necessary secret.
HTH
Upvotes: 1
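Added example, not part of either post and not Spotipy's own code: how a program without a website can use the http://localhost:8888/callback redirect from the question's edit, by validating the URL the browser was sent to and pulling the authorization code out of it. It assumes a standard OAuth 2.0 authorization-code flow; `AUTH_ENDPOINT`, the client id and the function names are placeholders chosen for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumptions (not from the posts): standard OAuth 2.0 authorization-code
# parameters; AUTH_ENDPOINT is a placeholder, not a real provider URL.
AUTH_ENDPOINT = "https://auth.example/authorize"
REDIRECT_URI = "http://localhost:8888/callback"  # the URI from the question


def build_auth_request(client_id, scope=""):
    """Return (url_to_open_in_browser, state). Keep state until the callback."""
    state = secrets.token_urlsafe(16)  # unguessable, one per login attempt
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    })
    return f"{AUTH_ENDPOINT}?{query}", state


def extract_code(redirected_url, expected_state):
    """Validate the URL the browser ended up on and return the code.

    This works even if nothing listens on the port: the browser shows a
    connection error, but the address bar still holds the full URL, which
    the user can paste back into the program.
    """
    got, want = urlsplit(redirected_url.strip()), urlsplit(REDIRECT_URI)
    # Only accept the exact registered redirect target.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("URL is not the registered redirect URI")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"authorization denied: {params['error'][0]}")
    # state ties the response to the request this program started (CSRF check).
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]
```

The returned code is short-lived and still has to be exchanged for a token at the provider's token endpoint; treat both the code and the pasted URL as secrets and keep them out of logs.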