enzo

Reputation: 11496

Making Spotipy program user-friendly

I've created a simple Python program using Spotipy that shows some recommended tracks based on the tracks downloaded on the user's device. But I'm having some trouble making the program user-friendly.

First of all, is there any problem with sharing my Client ID and my Client Secret with the user by, for example, uploading my code to GitHub? Can I use http://localhost/ as the Redirect URI, or should I create a website for my program for security purposes? In the Username field, should it be the username of the account to be analyzed, or can it be anything, like "Brian Rogers"?

In the authentication part, it shows the user in Python console the following message:

User authentication requires interaction with your
    web browser. Once you enter your credentials and
    give authorization, you will be redirected to
    a url.  Paste that url you were directed to to
    complete the authorization.

Opening https://... in your browser

Enter the URL you were redirected to: 

My question is: since I'm managing to use Tkinter, how can I redirect the input from the Tkinter input box to the Python console?

Finally, how long does the authentication token take to expire? And if so, how to renew it (if possible, so that only the user enters when they run the program for the first time)?

Thanks in advance for your patience!

Upvotes: 2

Views: 287

Answers (1)

ritiek

Reputation: 2827

I'll address all your questions one by one.

is there any problem with sharing my Client ID and my Client Secret with the user by, for example, uploading my code to GitHub?

One should always avoid putting personal credentials in the source. If someone misuses your credentials, you'll be the one who will be held responsible because they are YOUR credentials. In any case, the only havoc I can imagine one could cause is to spam requests to Spotify's API, and I believe Spotify's API already has protections and will drop further requests if it detects request spam. I've had, and seen, some projects create special accounts for generating API credentials for their projects, put those Spotify and YouTube API credentials in their source code, and push to GitHub to make the tool easier to set up for use.

Can I use http://localhost/ as the Redirect URI, or should I create a website for my program for security purposes? In the Username field, should it be the username of the account to be analyzed, or can it be anything, like "Brian Rogers"?

As you're only searching for relevant tracks on Spotify, I believe you probably don't need to access the personal information of the Spotify user whose credentials you are using. If so, you can avoid both passing the username and verifying the redirect URI, by using oauth2.SpotifyClientCredentials to authorize yourself:

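import os

import spotipy
import spotipy.oauth2 as oauth2

# Read the app credentials from the environment rather than the source
client_id = os.environ["SPOTIPY_CLIENT_ID"]
client_secret = os.environ["SPOTIPY_CLIENT_SECRET"]

credentials = oauth2.SpotifyClientCredentials(
        client_id=client_id,
        client_secret=client_secret)

token = credentials.get_access_token()
# This won't prompt for verification of Redirect URI
sp = spotipy.Spotify(auth=token)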

My question is: since I'm managing to use Tkinter, how can I redirect the input from the Tkinter input box to the Python console?

You won't need to, if you use oauth2.SpotifyClientCredentials as mentioned above.

Finally, how long does the authentication token take to expire? And if so, how to renew it (if possible, so that only the user enters when they run the program for the first time)?

As of writing this, the token stays valid for exactly one hour. You can confirm by checking the value of credentials.token_info["expires_in"] which displays the time in seconds.

Also, spotipy raises spotipy.client.SpotifyException when a dependent method has been called but the token has already expired. So, you could catch this exception and overwrite your previous spotipy.client.Spotify instance with a new one. At a minimum, you would do something similar to this:

import os

import spotipy
import spotipy.oauth2 as oauth2

def authenticate_calls():
    # Credentials come from the environment, not from the source
    credentials = oauth2.SpotifyClientCredentials(
        client_id=os.environ["SPOTIPY_CLIENT_ID"],
        client_secret=os.environ["SPOTIPY_CLIENT_SECRET"],
    )
    token = credentials.get_access_token()
    sp = spotipy.Spotify(auth=token)
    return sp

sp = authenticate_calls()

try:
    do_something_that_needs_authentication(sp)
except spotipy.client.SpotifyException:
    sp = authenticate_calls()
    do_something_that_needs_authentication(sp)

You could also create a decorator function which would refresh the token if expired and decorate your functions with it!

Upvotes: 2
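The decorator idea from the answer above, as an added example that is not part of the original answer or of spotipy. `Session`, `refresh_on_expiry`, `load_credentials`, `find_tracks` and `FakeClient` are hypothetical names, and `SpotifyException` here is a local stand-in for `spotipy.client.SpotifyException` so the block runs offline. It goes one step beyond the answer by retrying only on HTTP 401, since a new token does not fix rate limits or bad requests.

```python
import functools
import os

class SpotifyException(Exception):  # local stand-in for spotipy.client.SpotifyException
    def __init__(self, http_status, msg):
        super().__init__(msg)
        self.http_status = http_status

def load_credentials(env=os.environ):
    """Read the app credentials from the environment instead of the source tree."""
    try:
        return env["SPOTIPY_CLIENT_ID"], env["SPOTIPY_CLIENT_SECRET"]
    except KeyError as missing:
        raise RuntimeError(f"{missing.args[0]} is not set") from None

class Session:  # holds the current client; `factory` builds a freshly authenticated one
    def __init__(self, factory):
        self._factory = factory
        self.client = factory()

    def reauthenticate(self):
        self.client = self._factory()

def refresh_on_expiry(func):
    """Retry once with a fresh client, but only when the API answered 401."""
    @functools.wraps(func)
    def wrapper(session, *args, **kwargs):
        try:
            return func(session, *args, **kwargs)
        except SpotifyException as exc:
            if exc.http_status != 401:
                raise  # not a token problem, so a new token will not help
            session.reauthenticate()
            return func(session, *args, **kwargs)
    return wrapper

class FakeClient:
    """Constructed test double: the first instance behaves as if its token expired."""
    created = 0
    def __init__(self):
        FakeClient.created += 1
        self.expired = FakeClient.created == 1
    def search(self, q):
        if self.expired:
            raise SpotifyException(401, "The access token expired")
        return f"results for {q}"

@refresh_on_expiry
def find_tracks(session, query):
    return session.client.search(query)
```

With the real library, the factory passed to `Session` would be a function like the answer's `authenticate_calls`, fed by `load_credentials()`.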