Spotify Authentication

Authentication

Most of the Spotify Web API can be accessed without an access token (obtained through user authentication or client credentials). However, if you do need to set up authentication to identify either your app or users of your app to the API, have a look below:

Registering your app

To register a new app (or find an existing app), you can go to the My Applications page. For each app you have registered, you will be able to see its client ID and client secret as well as set up one or more redirect URIs.

Obtaining an access token using client credentials

The Spotify Web API lets you obtain an access token by specifying the client ID and client secret of your app. A benefit of this approach is that your app will have a higher rate limit compared to when not specifying an access token, even when requesting endpoint methods that do not require an access token.

However, this method is currently not supported in the Skybrud.Social implementation.

Obtaining an access token through user authentication

If you need to access the API on behalf of your users, you can set up an authentication page. In an MVC website, the authentication page could look like this view:

@using Skybrud.Social.Spotify.OAuth
@using Skybrud.Social.Spotify.Responses.Authentication

@{
    
    SpotifyOAuthClient client = new SpotifyOAuthClient {
        ClientId = "The client ID of your app",
        ClientSecret = "The client secret of your app",
        RedirectUri = "The redirect of your app"
    };

    if (Request.QueryString["do"] == "login") {

        // Get the redirect URI (if present)
        string redirect = (Request.QueryString["redirect"] ?? "yeah");

        // Set the state
        string state = Guid.NewGuid().ToString();
        Session["Spotify_" + state] = redirect;
        
        // Generate the authorization URL
        string url = client.GetAuthorizationUrl(state);

        // Redirect the user
        Response.Redirect(url);

        return;

    }
    
    if (Request.QueryString["error"] != null) {

        // Get the state from the query string
        string state = Request.QueryString["state"];

        // Remove the session
        if (state != null) { Session.Remove("Spotify_" + state); }

        // Print out the error
        <div class="error">@Request.QueryString["error"]</div>

        return;

    }

    if (Request.QueryString["code"] != null) {

        // Get the state from the query string
        string state = Request.QueryString["state"];

        if (state == null) {
            <div class="error">
                No <strong>state</strong> specified in the query string.
            </div>
            return;
        }

        // Look up the state in the session (it is only there if the login was started from this session)
        string session = Session["Spotify_" + state] as string;

        if (session == null) {
            <div class="error">Session expired?</div>
            return;
        }

        Session.Remove("Spotify_" + state);

        <h3>Code</h3>
        <pre>@Request.QueryString["code"]</pre>

        // Exchange the authorization code for an access token
        SpotifyTokenResponse info = client.GetAccessTokenFromAuthCode(Request.QueryString["code"]);
        
        <h3>Access Token</h3>
        
        <h4>Headers</h4>
        <pre>@String.Join("\n", from string key in info.Headers.Keys select key + " => " + info.Headers[key])</pre>
        
        <h4>Body</h4>
        <pre>@info.Response.Body</pre>
        
        <h4>Access Token</h4>
        <pre>@(String.IsNullOrWhiteSpace(info.Body.AccessToken) ? "Empty" : info.Body.AccessToken)</pre>
        
        <h4>Refresh Token</h4>
        <pre>@(String.IsNullOrWhiteSpace(info.Body.RefreshToken) ? "Empty" : info.Body.RefreshToken)</pre>
        
        <h4>Token Type</h4>
        <pre>@info.Body.TokenType</pre>
        
        return;

    }
    
    <p><a class="btn btn-default" href="@Url.Action("OAuth")?do=login">Login with Spotify</a></p>
    
}
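
The state handling from the view above, factored into a helper with two hardening steps: the state value comes from a cryptographic random number generator, and the redirect value taken from the query string is reduced to a site-relative path before it is stored. This is an added example, not code from Skybrud.Social; the class SpotifyOAuthState and its method names are hypothetical, and it assumes classic ASP.NET (System.Web) as in the view.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;

// Hypothetical helper (not part of Skybrud.Social) for the "state" handling in the view.
public static class SpotifyOAuthState {

    private const string Prefix = "Spotify_"; // same session key prefix as the view

    // Creates an unguessable state value and remembers where to send the user afterwards.
    public static string Begin(HttpSessionStateBase session, string requestedRedirect) {
        byte[] bytes = new byte[32];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create()) {
            rng.GetBytes(bytes);
        }
        // URL-safe base64 so the value survives the round trip in the query string
        string state = Convert.ToBase64String(bytes)
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        session[Prefix + state] = ToLocalPath(requestedRedirect);
        return state;
    }

    // Looks up the state returned in the callback and removes it, so it is single-use.
    // Returns false when the state is missing or was not issued to this session.
    public static bool TryComplete(HttpSessionStateBase session, string state, out string redirect) {
        redirect = null;
        if (String.IsNullOrEmpty(state)) return false;
        redirect = session[Prefix + state] as string;
        if (redirect == null) return false;
        session.Remove(Prefix + state);
        return true;
    }

    // Accepts only site-relative paths such as "/account"; anything else becomes "/".
    // This keeps a caller-supplied "redirect" value from pointing at another host.
    public static string ToLocalPath(string candidate) {
        if (String.IsNullOrEmpty(candidate) || candidate[0] != '/') return "/";
        // "//host" and "/\host" are treated by browsers as links to another host
        if (candidate.Length > 1 && (candidate[1] == '/' || candidate[1] == '\\')) return "/";
        foreach (char c in candidate) {
            if (Char.IsControl(c)) return "/";
        }
        return candidate;
    }
}
```

In the view, Begin(Session, Request.QueryString["redirect"]) would replace the Guid-based state in the login branch, and TryComplete(Session, Request.QueryString["state"], out redirect) would replace the session lookup in the code branch.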