[GH-ISSUE #154] Testing OAuth endpoints #57

New issue

Closed

opened 2026-02-27 20:22:51 +03:00 by kerem · 6 comments

kerem commented 2026-02-27 20:22:51 +03:00

Owner

Copy link

Originally created by @ramsayleung on GitHub (Nov 16, 2020).
Original GitHub issue: https://github.com/ramsayleung/rspotify/issues/154

It's a little bit awkward that most endpoints implemented in rspotify which require oauth token to go haven't have some related unit tests.

Since most tests will depend on Spotify Web API, and have to obtain the oauth token before sending request to Spotify server. The problem there is no a proper way to get oauth token, it has to open a browser and sign in with specific scopes, and now the process can't be automated.

#[maybe_async]
#[maybe_async_test]
#[ignore] // we have to ignore those tests for the reason discussed above.
async fn test_current_user_playing_track() {
    oauth_client()
        .await
        .current_user_playing_track()
        .await
        .unwrap();
}

As everything goes without saying, tests are essential, and we should figure out a proper way to add test for endpoints.

Originally created by @ramsayleung on GitHub (Nov 16, 2020). Original GitHub issue: https://github.com/ramsayleung/rspotify/issues/154 It's a little bit awkward that most endpoints implemented in `rspotify` which require `oauth` token to go haven't have some related unit tests. Since most tests will depend on Spotify Web API, and have to obtain the `oauth` token before sending request to Spotify server. The problem there is no a proper way to get `oauth` token, it has to open a browser and sign in with specific scopes, and now the process can't be automated. ```rust #[maybe_async] #[maybe_async_test] #[ignore] // we have to ignore those tests for the reason discussed above. async fn test_current_user_playing_track() { oauth_client() .await .current_user_playing_track() .await .unwrap(); } ``` As everything goes without saying, tests are essential, and we should figure out a proper way to add test for endpoints.

kerem 2026-02-27 20:22:51 +03:00

• closed this issue
• added the
  enhancement
  Stale
  help wanted
  discussion
  labels

kerem commented 2026-02-27 20:22:52 +03:00

Author

Owner

Copy link

@marioortizmanero commented on GitHub (Nov 16, 2020):

The main blocking issue is that we don't have a premium account to run these tests on. I tried to request tokens for library maintainers, here's the post in their forum for developers: https://community.spotify.com/t5/Spotify-for-Developers/Dummy-premium-accounts-for-library-developers/m-p/5046929. For now you can press Like and leave a comment with your thoughts, but it seems to be somewhat stale. We should notify other maintainers for spotify libraries to support this issue and get some traction.

Before we run any tests with oauth though we have to make sure they don't modify the user's data (for example first testing following users and then unfollowing them).

<!-- gh-comment-id:728187883 --> @marioortizmanero commented on GitHub (Nov 16, 2020): The main blocking issue is that we don't have a premium account to run these tests on. I tried to request tokens for library maintainers, here's the post in their forum for developers: https://community.spotify.com/t5/Spotify-for-Developers/Dummy-premium-accounts-for-library-developers/m-p/5046929. For now you can press Like and leave a comment with your thoughts, but it seems to be somewhat stale. We should notify other maintainers for spotify libraries to support this issue and get some traction. Before we run any tests with oauth though we have to make sure they don't modify the user's data (for example first testing following users and then unfollowing them).

kerem commented 2026-02-27 20:22:52 +03:00

Author

Owner

Copy link

@marioortizmanero commented on GitHub (Feb 25, 2021):

Additionally, it could be a good idea to have a GitHub action with a cronjob that periodically (say, once a day) checks that the endpoints work. This would let us know about changes in the Spotify API very early and give us more time to apply them. Here's how tekore does it.

<!-- gh-comment-id:786309801 --> @marioortizmanero commented on GitHub (Feb 25, 2021): Additionally, it could be a good idea to have a GitHub action with a cronjob that periodically (say, once a day) checks that the endpoints work. This would let us know about changes in the Spotify API very early and give us more time to apply them. Here's how tekore does it.

kerem commented 2026-02-27 20:22:52 +03:00

Author

Owner

Copy link

@typecasto commented on GitHub (Jul 6, 2021):

Could you not use a self-hosted runner and your own personal spotify account? While it isn't ideal, the spotify devs don't exactly seem receptive to the issue.

This would keep the credentials private, since nobody else has access to the .env file or your token. As far as not modifying the account, are there any API calls that don't have an inverse? You could test the playlist creation endpoint, which creates a playlist, then test the get user playlists endpoint, which would find that playlist (and ignore all the others), then test the delete user playlists endpoint, which would delete that playlist. Overall, this has no net impact on your playlists, since it creates and then deletes one immediately after. I'm unaware of any endpoints that don't have some inverse operation like that (or have any impact at all).

Also, what are the restrictions on a free account? No API access at all?

<!-- gh-comment-id:874388016 --> @typecasto commented on GitHub (Jul 6, 2021): Could you not use a [self-hosted runner](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) and your own personal spotify account? While it isn't ideal, the spotify devs don't exactly seem receptive to the issue. This would keep the credentials private, since nobody else has access to the .env file or your token. As far as not modifying the account, are there any API calls that don't have an inverse? You could test the playlist creation endpoint, which creates a playlist, then test the get user playlists endpoint, which would find that playlist (and ignore all the others), then test the delete user playlists endpoint, which would delete that playlist. Overall, this has no net impact on your playlists, since it creates and then deletes one immediately after. I'm unaware of any endpoints that don't have some inverse operation like that (or have any impact at all). Also, what are the restrictions on a free account? No API access at all?

kerem commented 2026-02-27 20:22:52 +03:00

Author

Owner

Copy link

@marioortizmanero commented on GitHub (Jul 6, 2021):

Yes, we can use our personal accounts keeping the credentials private, but:

1. You open up the possibility of leaking the account. Not like it's easy to do so, but it's an unnecessary risk I don't really want to take.
2. Most endpoints do have an inverse, but running tests on the account is still sketchy. What if the "delete playlist" is the one test that fails? I'd have garbage in my account. And similars. Yes, you can reverse most of them, but you can still end up with a modified account.

I was hoping Spotify could help us by providing a premium account for the tests, but seeing that it's not happening I will consider using mine. Before releasing the new version we have to modify the oauth tests so that they don't modify the user's account anyway, so I'll decide after that's done and I can try it locally.

And yes, you can't access OAuth endpoints with a free account.

<!-- gh-comment-id:874597607 --> @marioortizmanero commented on GitHub (Jul 6, 2021): Yes, we can use our personal accounts keeping the credentials private, but: 1. You open up the possibility of leaking the account. Not like it's easy to do so, but it's an unnecessary risk I don't really want to take. 2. Most endpoints do have an inverse, but running tests on the account is still sketchy. What if the "delete playlist" is the one test that fails? I'd have garbage in my account. And similars. Yes, you can reverse most of them, but you can still end up with a modified account. I was hoping Spotify could help us by providing a premium account for the tests, but seeing that it's not happening I will consider using mine. Before releasing the new version we have to modify the oauth tests so that they don't modify the user's account anyway, so I'll decide after that's done and I can try it locally. And yes, you can't access OAuth endpoints with a free account.

kerem commented 2026-02-27 20:22:52 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Jul 4, 2023):

Message to comment on stale issues. If none provided, will not mark issues stale

<!-- gh-comment-id:1619386331 --> @github-actions[bot] commented on GitHub (Jul 4, 2023): Message to comment on stale issues. If none provided, will not mark issues stale

kerem commented 2026-02-27 20:22:52 +03:00

Author

Owner

Copy link

@tomkimsour commented on GitHub (Aug 30, 2023):

Is there a command to run these tests on local ? I'm trying to test the playlist endpoint but I can't figure the command to run to test oauth and bypass the ignore without removing the attribute

<!-- gh-comment-id:1699115854 --> @tomkimsour commented on GitHub (Aug 30, 2023): Is there a command to run these tests on local ? I'm trying to test the playlist endpoint but I can't figure the command to run to test oauth and bypass the ignore without removing the attribute

kerem referenced this issue 2026-02-27 20:23:48 +03:00

[PR #57] [MERGED] add missing device types #213

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

ramsay/upgrade-0.16.1

dependabot/cargo/sha2-0.11.0

ramsay/upgrade-to-v0.16

ramsay/deprecate-removed-renamed-field

ramsay/migrate-to-new-endpoint

ramsay/deprecate-removed-endpoints

dependabot/cargo/strum-0.28.0

dependabot/cargo/reqwest-middleware-0.5.1

dependabot/cargo/reqwest-0.13.1

ramsay/upgrade-to-0.15.3

ramsay/upgrade-to-0.15.2

dependabot/cargo/ureq-3.1.2

ramsay/upgrade-dependencies

ramsay/upgrade-to-0.15.1

ramsay/fix-malformed-json

ramsay/upgrade-to-v0.15.0

ramsay/allow-enum-unknown-variant

ramsay/upgrade-to-0.14

ramsay/add_tcplistern_for_callback

ramsay/fix-clippy-error

ramsay/update-doc

ramsay/fix-endless-sequence

ramsay/publish-crate-workflow-test

ramsay/fix-pkce-refresh-token

ramsay/pkce_auth_refresh_token

ramsay_add_test_for_collectionyourepisodes

better-webapp

ramsay_fix_token_expired

percent-search

refresh_token_rwlock

ramsay_convert_result_inside_endpoint

streaming

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.0

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.0

v0.11.7

v0.11.6

v0.10.0

v0.11.5

v0.11.5.0

v0.11.4

v0.11.3

v0.11.2

v0.11.1

v0.11.0

v0.11.5.1

v0.9

v0.9-alpha

Labels

Clear labels   

Stale

  

bug

  

discussion

  

enhancement

  

good first issue

  

good first issue

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

No labels

Stale

bug

discussion

enhancement

good first issue

good first issue

help wanted

pull-request

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/rspotify#57

No description provided.