3
votes

I have been at this for some time now and wanted to see if anyone had an idea of what I could be doing wrong. What I am trying to do is add a song to a playlist using the provided Spotify Web APIs. According to the documentation on this https://developer.spotify.com/documentation/web-api/reference/playlists/add-tracks-to-playlist/ I need to establish the scope of the user.

"adding tracks to the current user’s private playlist (including collaborative playlists) requires the playlist-modify-private scope" I have created the playlist as collaborative and I am using the login credentials of my personal account to reach this playlist I created. All this is under the same login.

What I am finding is that my scope is not getting added to my token on my call for my token, which causes a 403 error when I try to add the song. Here is what that call looks like:

https://accounts.spotify.com/authorize/?client_id=mynumber&response_type=code&scope=playlist-modify-private&redirect_uri=http:%2F%2Flocalhost:55141/Home/GetToken/

Here are the docs on using authorization to get the correct token. https://accounts.spotify.com/authorize/?client_id=894400c20b884591a05a8f2432cca4f0&response_type=code&scope=playlist-modify-private&redirect_uri=http:%2F%2Flocalhost:55141/Home/GetToken/

Furthermore, if I go into the dev support here https://developer.spotify.com/documentation/web-api/reference/playlists/add-tracks-to-playlist/ and click the green try button and then request a new token, it works.

Bottom line, somehow my request is not taking my scope request. Any ideas?

Thanks

1

1 Answers

0
votes

To get the token with a specific scope you need to go to the authorize endpoint and get the code. The code is what you want to get to be able to HTTP POST to the endpoint https://accounts.spotify.com/api/token and get a token with your desired scopes. You can simply get the code by pasting a URL like this in your browser...

https://accounts.spotify.com/authorize?client_id=<client_id>&response_type=code&scope=streaming%20user-read-email%20user-read-private&redirect_uri=<redirect_uri>

Only add %20 in between scopes if you have multiple ones.

You will then be sent to Spotify's website and they'll verify you want to do this. Once you verify it, your browser will redirect you to what you set the redirect_uri to be in the URL above. At the end of the URL that you are sent to, you should be able to see the parameter name code with the code value assigned to it. You then get that code and put it in your HTTP POST body params to the https://accounts.spotify.com/api/token endpoint. Make sure you accurately follow the query params requirements in your POST method.

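An example of the post in Python using the requests library:

import requests

def get_access_token(client_id, client_secret, code, redirect_uri):
    # Exchange the authorization code from the redirect for an access token.
    # The client id and secret are sent as HTTP Basic credentials.
    authorization = requests.post(
        "https://accounts.spotify.com/api/token",
        auth=(client_id, client_secret),
        data={
            "grant_type": "authorization_code",
            "code": code,
            # Must be the same redirect_uri used in the authorize URL
            "redirect_uri": redirect_uri,
        },
    )

    authorization_JSON = authorization.json()
    return authorization_JSON["access_token"]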

In the end you should get a JSON that shows the scopes you set, along with a refresh token to use later on to make more requests.

I know this answer is quite late but I was experiencing the same issue as well which is how I came across this question. I hope this helps anyone that sees this at a later date.

Source: https://developer.spotify.com/documentation/general/guides/authorization-guide/#client-credentials-flow
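The following is an added example, not part of the original answer or Spotify's own code: it builds the authorize URL with every parameter percent-encoded, checks the redirect before taking the code, and compares the `scope` field of the token JSON against the scopes the API call needs, so a token without `playlist-modify-private` is caught before it produces a 403. The function names and sample values are constructed for illustration, and the `state` parameter is the standard OAuth 2.0 anti-CSRF value, which the URLs in the posts above do not include.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORIZE_URL = "https://accounts.spotify.com/authorize"


def build_authorize_url(client_id, redirect_uri, scopes, state):
    """Percent-encode every parameter; scopes are joined by a space (%20)."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "scope": " ".join(scopes),
        "redirect_uri": redirect_uri,
        "state": state,  # anti-CSRF value, echoed back on the redirect
    }, quote_via=quote)
    return f"{AUTHORIZE_URL}?{query}"


def code_from_redirect(callback_url, expected_state):
    """Return the authorization code; reject errors and a mismatched state."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not match our request")
    if "code" not in params:
        raise ValueError("redirect carries no authorization code")
    return params["code"][0]


def missing_scopes(token_json, required):
    """Required scopes absent from the token response's 'scope' field."""
    granted = set(token_json.get("scope", "").split())
    return sorted(set(required) - granted)


if __name__ == "__main__":
    # Constructed sample values; nothing here contacts Spotify.
    redirect_uri = "http://localhost:55141/Home/GetToken/"
    state = secrets.token_urlsafe(16)
    print(build_authorize_url("CLIENT_ID_PLACEHOLDER", redirect_uri,
                              ["playlist-modify-private"], state))
    print(code_from_redirect(f"{redirect_uri}?code=SAMPLE_CODE&state={state}", state))
    token_json = {"access_token": "SAMPLE", "token_type": "Bearer", "scope": ""}
    print(missing_scopes(token_json, ["playlist-modify-private"]))
```

A non-empty result from `missing_scopes` means the user has to be sent through the authorize URL again with the full scope list; refreshing the token does not add scopes that were never granted.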