400 Bad Request - Access Token - PKCE Auth Code Flow

Hello,
I'm currently on Step 2 (Requesting Access Token) of the Auth Code Flow using PKCE, but I am unable to retrieve the access token.
Problem
I am receiving a 400 Bad Request when sending my POST request to the https://accounts.spotify.com/api/token endpoint.
Code Snippet

Everything seems correct when I output to the console, but it seems like I'm missing something.
Please help

 

Edit:

To make it easier to check my work I will reference the Auth Code Flow documentation here and where that can be found in my code (above).

  • Making a POST request to the /api/token endpoint:
    - options.method = "POST"
    - SPOTIFY_TOKEN_ENDPOINT = "https://accounts.spotify.com/api/token"
  • Request body should contain the parameters in application/x-www-form-urlencoded:
    - headers["Content-Type"] = "application/x-www-form-urlencoded"
    - bodyObject = parameters needed
      searchParams = URLSearchParams object containing parameters and values
      requestBody = bodyObject in x-www-form-urlencoded form
    - request.write(requestBody) = request sending parameters in the body in x-www-form-urlencoded form
  • Request body parameters needed (found in bodyObject):
    - grant_type = "authorization_code"
    - code = codeVal, the code value found in the URL when redirected after Authorization
    - redirect_uri = redirectURI, the same URI sent in Step 1 of Auth Code Flow
    - client_id = environment variable that is expanded at runtime using dotenv library
    - code_verifier = codeVerifier, the code verifier my website created and sent in Step 1 of Auth Code Flow (have confirmed these match)
  • HTTP Headers:
    - headers.Authorization = base64 encoded(<client_id environment variable>:<client_secret environment variable>)
    - headers["Content-Type"] = "application/x-www-form-urlencoded"
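Added example, not part of the original post or of Spotify's documentation: a local pre-flight check in Node.js for the token request described in the checklist above. It verifies the form encoding, the required parameters, and that code_verifier hashes to the code_challenge sent in Step 1, assuming the S256 method of RFC 7636. The function names and the shape of the `step1` object are assumptions made for this example.

```javascript
const { createHash } = require("node:crypto");

const REQUIRED = ["grant_type", "code", "redirect_uri", "client_id", "code_verifier"];
const VERIFIER_RE = /^[A-Za-z0-9._~-]{43,128}$/; // RFC 7636 section 4.1

// BASE64URL without padding, as RFC 7636 requires for the challenge.
function base64url(buf) {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// S256 transform: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function challengeFor(verifier) {
  return base64url(createHash("sha256").update(verifier, "ascii").digest());
}

// Returns a list of problems; an empty list means the request is well-formed.
// `step1` holds what was sent on the authorization request (hypothetical shape).
function checkTokenRequest({ headers, body }, step1) {
  const problems = [];
  const ct = Object.entries(headers).find(([k]) => k.toLowerCase() === "content-type");
  if (!ct || !/^application\/x-www-form-urlencoded\b/i.test(ct[1])) {
    problems.push("Content-Type is not application/x-www-form-urlencoded");
  }
  if (typeof body !== "string" || body.trim().startsWith("{")) {
    problems.push("body is not a form-encoded string (JSON or object was sent)");
    return problems;
  }
  const params = new URLSearchParams(body);
  for (const name of REQUIRED) {
    if (!params.get(name)) problems.push(`missing parameter: ${name}`);
  }
  const verifier = params.get("code_verifier") || "";
  if (!VERIFIER_RE.test(verifier)) {
    problems.push("code_verifier is not 43-128 unreserved characters");
  } else if (challengeFor(verifier) !== step1.codeChallenge) {
    problems.push("code_verifier does not hash to the code_challenge sent in step 1");
  }
  if (params.get("redirect_uri") !== step1.redirectUri) {
    problems.push("redirect_uri differs from the one sent in step 1");
  }
  if (params.get("grant_type") !== "authorization_code") {
    problems.push("grant_type is not authorization_code");
  }
  return problems;
}

// Constructed sample: a JSON body sent with a form Content-Type.
const sample = { headers: { "Content-Type": "application/x-www-form-urlencoded" }, body: '{"grant_type":"authorization_code"}' };
console.log(checkTokenRequest(sample, { codeChallenge: "", redirectUri: "" }));
```

An empty result only means the request is well-formed locally; the authorization server still decides whether the code, client and redirect URI are valid.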

Same issue. Did you figure it out?

 

I have the same problem when trying to refresh my token.
I'm sending a POST-request to endpoint "https://accounts.spotify.com/api/token" and getting 400 "Invalid request". No error message. I just don't get what the problem is.

 

Payload:
{
"refresh_token": [my refresh token],
"grant_type": "refresh_token",
"client_id": "[my client id]"
}
Headers:
{
"Content-Type": "application/x-www-form-urlencoded"
}

 

Are you able to fetch the auth_token the first time around? I have the same issue and keep getting invalid code_verifier when it is exactly the same as generated. Happy to pair program if you’d like, 2 pairs of eyes > one

Did you get a successful auth token the first time around using PKCE?

Any news on this? I kinda have the same issue. Everything was working perfectly fine and out of nowhere I always get TIMEDOUT on https://accounts.spotify.com/api/token

I've run into the same issue and wondering if there has been any update?

Just putting this for future devs; I was able to make it work by changing "Content-Type" to "content-type"

Did you solve this problem?

If not, is the line "- headers.Authorization = base64 encoded(<client_id environment variable>:<client_secret environment variable>)" necessary in your headers? 

Separately, I'm also having this problem. 

Bryan-BC's solution didn't work for me, unfortunately. 

Same, Bryan's solution didn't work either. Any further clue from someone?
