Curl post requests with Spotify client id & secret return invalid client

2
votes

I'm following Spotify's client credentials authorization flow, but all of my curl requests are returning {"error":"invalid_client"} each time. Here are the instructions from Spotify:

The request will include parameters in the request body:

  • grant_type - Set to “client_credentials”.

The header of this POST request must contain the following parameter:

  • Authorization - A Base 64 encoded string that contains the client ID and client secret key. The field must have the format: Authorization: Basic <base64 encoded client_id:client_secret>

They also include an example of a curl request:

$ curl -H "Authorization: Basic ZjM4ZjAw...WY0MzE=" -d grant_type=client_credentials https://accounts.spotify.com/api/token

Following their example, so far I've tried curl requests with:

  • client_id and client_secret plain
  • both base64 encoded seperately
  • only one or the other encoded
  • both encoded as one string with the colon
  • both encoded as one string without the colon
  • each of the above with a regenerated client secret

I'm using Ruby's Base64#encode64 method to encode. Still no luck. Any helpful hints?

2
rubyauthenticationcurlencodingbase64
Does the curl request work for you? Can you post the exact Ruby code you're trying to use?Xavier Shay
The curl request was not working; I was trying to get that to work before trying it in the actual Rails app. But I figured it out - you can see my answer below.Matthew Hinea

2 Answers

4
votes

Okay, I got it working - passing my client_id and client_secret, separated by a colon, to Base64.strict_encode64 (NOT Base64.encode64) and then passing that to the above curl request gets a 200 response with an access token. Apparently encode64 was not enough.

0
votes

I ran into this error when I ran the curl command in my terminal. 

-bash: unexpected EOF while looking for matching `"'

Solved by using single quotes instead of double quotes.