mirror of
https://github.com/Paxsenix0/Spotify-Canvas-API.git
synced 2026-04-27 08:15:52 +03:00
[GH-ISSUE #2] Unable to authenticate #2
Labels
No labels
pull-request
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/Spotify-Canvas-API#2
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @faken on GitHub (Jul 24, 2025).
Original GitHub issue: https://github.com/Paxsenix0/Spotify-Canvas-API/issues/2
I am again having issues with requesting the canvas information.
I've already refreshed the SD_CD-Cooking information.
See request below:
2025-07-24T13:05:18.253611+00:00 app[web.1]: [spotifyCanvasService] Cache miss for spotify:track:3jiTUSjtdSekmfgZYkGjKl 2025-07-24T13:05:18.463677+00:00 app[web.1]: Canvas request error: AxiosError: Request failed with status code 400 2025-07-24T13:05:18.463678+00:00 app[web.1]: at settle (file:///app/node_modules/axios/lib/core/settle.js:19:12) 2025-07-24T13:05:18.463680+00:00 app[web.1]: at Unzip.handleStreamEnd (file:///app/node_modules/axios/lib/adapters/http.js:599:11) 2025-07-24T13:05:18.463681+00:00 app[web.1]: at Unzip.emit (node:events:530:35) 2025-07-24T13:05:18.463682+00:00 app[web.1]: at endReadableNT (node:internal/streams/readable:1698:12) 2025-07-24T13:05:18.463683+00:00 app[web.1]: at process.processTicksAndRejections (node:internal/process/task_queues:90:21) 2025-07-24T13:05:18.463683+00:00 app[web.1]: at Axios.request (file:///app/node_modules/axios/lib/core/Axios.js:45:41) 2025-07-24T13:05:18.463683+00:00 app[web.1]: at process.processTicksAndRejections (node:internal/process/task_queues:105:5) 2025-07-24T13:05:18.463684+00:00 app[web.1]: at async getToken (file:///app/services/spotifyAuthService.js:25:20) 2025-07-24T13:05:18.463684+00:00 app[web.1]: at async getCanvases (file:///app/services/spotifyCanvasService.js:36:25) 2025-07-24T13:05:18.463684+00:00 app[web.1]: at async fetchCanvas (file:///app/controllers/canvasController.js:9:22) { 2025-07-24T13:05:18.463685+00:00 app[web.1]: code: 'ERR_BAD_REQUEST', 2025-07-24T13:05:18.463686+00:00 app[web.1]: config: { 2025-07-24T13:05:18.463687+00:00 app[web.1]: transitional: { 2025-07-24T13:05:18.463687+00:00 app[web.1]: silentJSONParsing: true, 2025-07-24T13:05:18.463688+00:00 app[web.1]: forcedJSONParsing: true, 2025-07-24T13:05:18.463688+00:00 app[web.1]: clarifyTimeoutError: false 2025-07-24T13:05:18.463688+00:00 app[web.1]: }, 2025-07-24T13:05:18.463688+00:00 app[web.1]: adapter: [ 'xhr', 'http', 'fetch' ], 2025-07-24T13:05:18.463688+00:00 app[web.1]: transformRequest: [ [Function: transformRequest] ], 2025-07-24T13:05:18.463688+00:00 app[web.1]: transformResponse: [ [Function: transformResponse] ], 2025-07-24T13:05:18.463689+00:00 app[web.1]: timeout: 0, 2025-07-24T13:05:18.463689+00:00 app[web.1]: xsrfCookieName: 'XSRF-TOKEN', 2025-07-24T13:05:18.463689+00:00 app[web.1]: xsrfHeaderName: 'X-XSRF-TOKEN', 2025-07-24T13:05:18.463689+00:00 app[web.1]: maxContentLength: -1, 2025-07-24T13:05:18.463689+00:00 app[web.1]: maxBodyLength: -1, 2025-07-24T13:05:18.463689+00:00 app[web.1]: env: { FormData: [Function [FormData]], Blob: [class Blob] }, 2025-07-24T13:05:18.463690+00:00 app[web.1]: validateStatus: [Function: validateStatus], 2025-07-24T13:05:18.463690+00:00 app[web.1]: headers: Object [AxiosHeaders] { 2025-07-24T13:05:18.463690+00:00 app[web.1]: Accept: 'application/json, text/plain, */*', 2025-07-24T13:05:18.463690+00:00 app[web.1]: 'Content-Type': undefined, 2025-07-24T13:05:18.463691+00:00 app[web.1]: 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36', 2025-07-24T13:05:18.463691+00:00 app[web.1]: Origin: 'https://open.spotify.com/', 2025-07-24T13:05:18.463692+00:00 app[web.1]: Referer: 'https://open.spotify.com/', 2025-07-24T13:05:18.463703+00:00 app[web.1]: Cookie: 'sp_dc=AQC3mldI2toJEhChG6ZTmCAfLMSEkJceFMcUH9u-ADeoe36mfoyeMa5UnBSu79Dq_YmCmWkwLQ35uMbeap_EEdy6QOyRm3Drjrnb6QCF5qQ8TtS7RIyEbvYMrHzNjPBspKLFgk2Gl-hJ3dXHQbZPWhzpPyIlKNLoUUQOR4D8a8A3mAQsYmOxtTcbAGum9aIbK8bEZdN6bc8XIV-Kdtc', 2025-07-24T13:05:18.463703+00:00 app[web.1]: 'Accept-Encoding': 'gzip, compress, deflate, br' 2025-07-24T13:05:18.463703+00:00 app[web.1]: }, 2025-07-24T13:05:18.463704+00:00 app[web.1]: method: 'get', 2025-07-24T13:05:18.463704+00:00 app[web.1]: url: 'https://open.spotify.com/api/token?reason=init&productType=mobile-web-player&totp=334673&totpVer=14&totpServer=227742',@Inzaniity commented on GitHub (Jul 24, 2025):
Spotify is changing their TOTP Authentication every few days now to make it harder to use the endpoint. You can use https://github.com/Thereallo1026/spotify-secrets/ for always up to date secrets. Or better yet just fetch https://raw.githubusercontent.com/Thereallo1026/spotify-secrets/refs/heads/main/secrets/secretDict.json every hour to see if there are new TOTP secrets.
@Paxsenix0 commented on GitHub (Jul 24, 2025):
Hello @faken :)
Try to clone this repo again, your totpVer is too old
@Paxsenix0 commented on GitHub (Jul 24, 2025):
@Inzaniity Yep, I can make a change to get TOTP secret from there but I don't know where to save it.
@Inzaniity commented on GitHub (Jul 24, 2025):
I extended the code with a tokenmanager that fetches the json every hour and keeps it in memory. On restart the first thing it does is fetch the TOTP before even trying to authenticate with Spotify. I can post a code snipped tomorrow.
@Paxsenix0 commented on GitHub (Jul 25, 2025):
Sounds great! You can also open a PR for this :)
@Paxsenix0 commented on GitHub (Jul 27, 2025):
@faken any updates? Can you try to re-clone this repo and try again? :)