zaka100
zaka100

Reputation: 342

Spotify "Unexpected status: 400" when refreshing and accessing token - python

When trying to authorize spotify using python 3, I get a "server_error" with the description "Unexpected status: 400".

I am using the correct authorization code and the spotify documentation (https://developer.spotify.com/web-api/authorization-guide/) instructed me to use a post command with those parameters.

I'm quite a noob in this and I do not know what I am doing wrong.

Here is the code:

import requests

params = {'grant_type': 'authorization_code', 'code': authcode, 'redirect_uri': 'https://example.com/callback','client_id':'example', 'client_secret':'example'}

req=requests.post('https://accounts.spotify.com/api/token', params=params)
print(req.content)

Upvotes: 0

Views: 618

Answers (1)

David Simic
David Simic

Reputation: 2101

According to spotify's own guide (see step #4):

https://developer.spotify.com/web-api/authorization-guide/

The authorization info for requesting a new token must go in the header via an "Authorization" variable:

Authorization: Required. Base 64 encoded string that contains the client ID and client secret key. The field must have the format: Authorization: Basic base64 encoded client_id:client_secret

You have it instead in the request body itself.

So you should do something like:

import requests
import base64

authcode = 'valid_authcode_from_prev_authorization_step'

params = {'grant_type': 'authorization_code', 'code': authcode, 'redirect_uri': 'https://example.com/callback'}

client_id = 'example_id'
client_secret = 'example_secret'

b64_val = base64.b64encode("%s:%s" % (client_id, client_secret))

req = requests.post(
    'https://accounts.spotify.com/api/token', params=params,
    headers={'Authorization': b64_val})

However, for this to work you need a valid auth code which you can only get by having the user go through the auth step which precedes the token acquisition step.

This code gets sent to the callback you have registered in your app settings, which won't work if you have a fake callback set (ie: http://example.com/callback).

Upvotes: 1

Related Questions