[GH-ISSUE #806] Authentication fails with 403 Forbidden due to ignored/invalid client_id even after clean reinstall #478

Closed
opened 2026-03-02 23:47:56 +03:00 by kerem · 1 comment
Owner

Originally created by @luizpassaroni on GitHub (Aug 23, 2025).
Original GitHub issue: https://github.com/aome510/spotify-player/issues/806

Describe the bug

The application fails to load any user data (playlists, albums, etc.) after a successful browser login, even after a complete "from scratch" reinstall. The UI remains empty and eventually crashes or errors out.

The root cause appears to be that the application's authentication request to Spotify's keymaster endpoint is using a default client_id that is consistently rejected with a 403 Forbidden error.

This issue persists even when a custom client_id and client_secret are correctly configured in app.toml. Previous logs showed that the application would load the custom client_id from the config file but still use the hardcoded default ID in the actual API request, indicating the configuration is being ignored at the authentication level.

Steps to Reproduce

  1. On macOS, perform a complete removal of the application and all related files (brew uninstall, rm -rf ~/.config/spotify-player, rm -rf ~/.cache/spotify-player).
  2. Reinstall spotify-player using Homebrew.
  3. Configure app.toml with a valid, personal client_id and client_secret from the Spotify Developer Dashboard.
  4. Ensure the correct Redirect URI (http://127.0.0.1:8989/login) is set in the Spotify App settings.
  5. Run spotify-player.
  6. Complete the authentication flow in the browser.
  7. The application fails to load user data, and the logs show a 403 Forbidden error.

Expected behavior

The application should use the configured credentials, successfully retrieve an auth token, and load the user's library.

Actual behavior

The application fails to authenticate with Spotify's backend, resulting in an empty UI and preventing any use of the application.

Environment

  • OS: macOS
  • Installation Method: Homebrew

Logs

This log is from a fresh run after a complete reinstallation. All sensitive data has been redacted.

2025-08-23T19:05:32.746101Z  INFO spotify_player: Configurations: Configs { app_config: AppConfig { theme: "dracula", client_id: "[REDACTED]", ... }, cache_folder: "[REDACTED_HOME_DIR]/.cache/spotify-player" }
2025-08-23T19:05:32.751476Z  INFO spotify_player::auth: Using cached credentials
2025-08-23T19:05:33.532525Z  INFO librespot_core::session: Connecting to AP "ap-gue1.spotify.com:4070"
2025-08-23T19:05:34.122233Z  INFO librespot_core::session: Authenticated as '[REDACTED_USERNAME]' !
2025-08-23T19:05:34.122850Z  INFO librespot_core::session: Country: "BR"
2025-08-23T19:05:34.123047Z  INFO spotify_player::token: Getting a new authentication token...
2025-08-23T19:05:34.503788Z ERROR librespot_core::mercury: error 403 for uri hm://keymaster/token/authenticated?scope=...&client_id=[REDACTED]&device_id=[REDACTED]
2025-08-23T19:05:34.504065Z ERROR spotify_player::client::spotify: Failed to get a new token: failed to get the token: Service unavailable { error handling Mercury response: MercuryResponse { uri: "hm://keymaster/token/authenticated?scope=...&client_id=[REDACTED]&device_id=[REDACTED]", status_code: 403, payload: [[...]] } }
2025-08-23T19:05:34.504428Z  WARN spotify_player: Failed to create a client socket for handling CLI commands: Address already in use (os error 48)
2025-08-23T19:05:34.504471Z ERROR client_request{request=GetUserSavedShows}: spotify_player::client::handlers: Failed to handle client request: Token is not valid
2025-08-23T19:05:34.758683Z ERROR client_request{request=GetUserPlaylists}: spotify_player::client::handlers: Failed to handle client request: get access token: failed to get the authentication token stored inside the client.
2025-08-23T19:05:35.505234Z ERROR spotify_player::client: Failed to retrieve current playback: Token is not valid
2025-08-23T19:05:41.138121Z ERROR spotify_player::ui: Failed to render the application: Input/output error (os error 5)
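
A log triage check for the hypothesis in the report above, added here as an example (not part of the original issue or of the spotify-player code base): it compares the `client_id` printed on the `Configurations` line with the one in each failed `hm://keymaster` request. The sample log and both client IDs are constructed, and the function names are hypothetical.

```python
import hashlib
import re

# Constructed sample in the report's log format; both client IDs are made up.
SAMPLE_LOG = (
    '2025-08-23T19:05:32.746101Z  INFO spotify_player: Configurations: Configs '
    '{ app_config: AppConfig { theme: "dracula", client_id: "c0ffee-configured", ... } }\n'
    '2025-08-23T19:05:34.503788Z ERROR librespot_core::mercury: error 403 for uri '
    'hm://keymaster/token/authenticated?scope=...&client_id=deadbeef-other&device_id=[REDACTED]\n'
)

REDACTED = "[REDACTED]"
CONFIG_RE = re.compile(r'Configurations:.*?\bclient_id: "([^"]*)"')
MERCURY_RE = re.compile(r"error (\d{3}) for uri (hm://keymaster/\S+)")
QUERY_ID_RE = re.compile(r'[?&]client_id=([^&\s"]+)')


def fingerprint(value):
    """Short SHA-256 tag: shows whether two IDs are equal without publishing them."""
    return hashlib.sha256(value.encode()).hexdigest()[:8]


def triage(log_text):
    """Compare the client_id loaded from config with the one in each failed keymaster request."""
    configured, failures = None, []
    for line in log_text.splitlines():
        if m := CONFIG_RE.search(line):
            configured = m.group(1)
        elif m := MERCURY_RE.search(line):
            q = QUERY_ID_RE.search(m.group(2))
            failures.append((int(m.group(1)), q.group(1) if q else None))
    report = []
    for status, requested in failures:
        ids = (configured, requested)
        if None in ids or REDACTED in ids:
            verdict, tags = "unknown", None  # redaction hides the comparison
        else:
            verdict = "config-used" if configured == requested else "config-ignored"
            tags = tuple(fingerprint(i) for i in ids)
        report.append({"status": status, "verdict": verdict, "fingerprints": tags})
    return report


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```

On a log redacted like the one in the report the verdict is `unknown`; replacing each ID with its fingerprint instead of `[REDACTED]` keeps the comparison possible in a shared log.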

kerem 2026-03-02 23:47:56 +03:00
  • closed this issue
  • added the bug label

@luizpassaroni commented on GitHub (Aug 23, 2025):

Closing this as a duplicate of issue #802
