Login Spotify API on esp32

Solved!

Plan: Premium

Country: Italy

Device: ESP32

Programming Language: Python

My Question or Issue

I'm working on a project where I need to log in on an ESP32 with my Spotify account. Right now I'm using the "authorization code flow" as shown in the Spotify documentation: https://developer.spotify.com/documentation/web-api/tutorials/code-flow But instead of opening the link for the user authorization from the ESP32, I print it to the serial port. After this, I start an access point with the ESP32, which is connected to the same LAN as my PC. Then I open the link on the PC and log in. As redirect URI I set the ESP32's local IP address, so after the login the PC gets redirected to the ESP32 page, and the ESP32 gets "code" and "state" from the URL. After this I follow the flow shown in the documentation.

The question is: is this the correct way to do it? If I want to create an Android application for the login, is it enough to send the link via Bluetooth instead of serial?

4 Replies
Marked as solution

Hi @simo_petre04,

Thank you for reaching out in the Community, and welcome!

As long as the access token and refresh token reach the ESP32, it doesn’t matter how they get there. Just remember that the ESP32 needs the ability to refresh the token because access tokens are only valid for one hour.

I hope this helps! If you have any other questions, feel free to ask.

Cheers!

P.S. Using the authorization code with PKCE might be a better option, as I'm unsure whether the client secret can be stored safely in your case. Also, if you don't get a new refresh token, you can keep using the old one.

Ximzend (Spotify Star)
Note: I'm not a Spotify employee.

Hi @Ximzend, thank you for replying to me.

So I'm going to make a mobile application to request user authorization, and when I've gotten the access token I'm going to send it to the ESP32 via Bluetooth. Then the ESP32 is able to communicate with the Spotify server and refresh the token when needed. (I've already tried it and it works.)

I've got another question. As you suggested, I'll use PKCE so I don't need to store client_secret in the user's mobile app (do I?). Eventually, if in the future I intend to publish the application on a store, I guess it's totally safe. Isn't it?

Marked as solution

Hi @simo_petre04,

Great question! Yes, with PKCE, you’re correct; you don’t need to store the client secret in the user’s mobile app. PKCE was designed specifically for cases like this to keep things secure, even without a client secret.

If you decide to publish the app in the future, PKCE is indeed a safe choice, as it protects the authorization flow and user data without needing to store sensitive information directly in the app.

Hope this clarifies things! Let me know if there’s anything else.

Cheers!

Ximzend (Spotify Star)
Note: I'm not a Spotify employee.

Thanks for replying to me, @Ximzend.

You've been really helpful!
