0
votes

Whenever I copy and paste the following into a web browser

Original URL

http://accounts.spotify.com/authorize?client_id=XXX2d0ff4186b517daa4e1c577e4&redirect_uri=http:%2F%2Flocalhost:5000&scope=playlist-modify-public%20playlist-modify-private&response_type=token

I get this for the final url

Final URL

http://localhost:5000/#access_token=XXX-LQY7xCQXTqpmsfroChl5yeUoiIDmoBfybqc9psLE2WFwP2UNQ26nVuiLGQkIWA-4occeXbrScaO5mqmMHZpgDPjTcSEfN9VZCLKKyfE46FUsucmCetP9owY_bRWoraZ8P2wwq0osZEMit0jmOrThvPTyKqp7O_rAbwT1BUsLeB9ux7xdLnTreocpmtZl3wqMXz24B2mwRMEieb_Dq2PUgIaK3zE7X-RvnzqQ&token_type=Bearer&expires_in=3600

My question is how to get the access_token in the final URL by using the original URL programmatically, preferably in Python. The original URL will be constant, so I won't need to make any changes to the values of the parameters that I already declared.

I have already tried

  • Using Python requests and viewing response.url (using both POST and GET). But when I do, it only shows the original URL.
  • Same concept using urllib
  • Displaying it with .json, json(), .text, .headers, and pretty much all of the request functions available, but again it only makes references to the original url.
1
You can't, the fragment is not transmitted by the browser. It looks like you have at some point selected the wrong OAuth2 flow type. - Klaus D.
Thank you. Yes, I chose the implicit grant method because I was struggling to get a valid access_token when using both other flows. I was receiving an access_token, but it was way shorter than the correct one I was getting using this method. - trixyo

1 Answer

0
votes

I assume that the grant flow you are using is Implicit Grant, which is used to obtain a user's token. However, this flow requires the user's interaction via a browser to complete the flow and get the token.

That means Implicit Grant can't be used to obtain a user's access token from a browserless application without the user's interaction.

For a browserless application, the authentication flow that you might want to use is the Client Credential flow, in which you get the access token directly in the response. The limitation of this grant flow is that you can't use endpoints that require the user's identity.

The FAQ section of the document might have an answer for your scenario; you might consider a refresh token instead.
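As an added illustration (not part of the question or the answer above), this Python sketch shows why an HTTP client never sees the token: the fragment of the final URL is parsed client-side, while a one-shot loopback server that receives the same URL gets only the path. The function names, the sample URL and the placeholder token are constructed for this example.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

# Constructed redirect URL; the token is a placeholder, not a real credential.
SAMPLE_REDIRECT = ("http://localhost:5000/#access_token=PLACEHOLDER_TOKEN"
                   "&token_type=Bearer&expires_in=3600")


def parse_implicit_fragment(url):
    """Client side: read the token fields from the fragment of the final URL."""
    fields = {k: v[0] for k, v in parse_qs(urlsplit(url).fragment).items()}
    if "access_token" not in fields:
        raise ValueError("URL fragment carries no access_token")
    return fields


def path_seen_by_server(url):
    """Request url's path, query and fragment from a one-shot loopback server
    and return the request path that server actually received."""
    seen = []

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            seen.append(self.path)
            self.send_response(200)
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):  # keep the demo quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    worker = threading.Thread(target=server.handle_request, daemon=True)
    worker.start()
    target = urlsplit(url)._replace(netloc=f"127.0.0.1:{server.server_port}").geturl()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxies
    with opener.open(target, timeout=5) as resp:  # client drops the fragment here
        resp.read()
    worker.join(timeout=5)
    server.server_close()
    return seen[0]


if __name__ == "__main__":
    print(parse_implicit_fragment(SAMPLE_REDIRECT))
    print(path_seen_by_server(SAMPLE_REDIRECT))  # "/" : no token reached the server
```

Because the token exists only in the browser's address bar, it stays out of server access logs, and a script can read it only from a URL the browser hands over after the user has completed the authorization.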