[GH-ISSUE #181] [Question] About refresh token #119

New issue

Closed

opened 2026-02-27 19:26:10 +03:00 by kerem · 3 comments

kerem commented

2026-02-27 19:26:10 +03:00

Owner

Originally created by @foremtehan on GitHub (Jan 13, 2020).
Original GitHub issue: https://github.com/jwilsson/spotify-web-api-php/issues/181

Am i doing it right ? I want to refresh access token when it expires, Does it refresh token for every api call ? :

    /**
     * Spotify constructor.
     */
    public function __construct()
    {
        $this->api = $this->getToken();
    }

    private function getToken()
    {
        $session = new Session(
            'CLIENT_ID',
            'SECRET_ID',
        );

        $api = new SpotifyWebAPI();

        $api->setSession($session);
        $api->setOptions([
            'auto_refresh' => true,
        ]);

        $session->refreshAccessToken('refresh_token');

        $newAccessToken  = $session->getAccessToken();
        $newRefreshToken = $session->getRefreshToken();

        $session->setAccessToken($newAccessToken);
        $session->setRefreshToken($newRefreshToken);

        return $api;
    }

Originally created by @foremtehan on GitHub (Jan 13, 2020). Original GitHub issue: https://github.com/jwilsson/spotify-web-api-php/issues/181 Am i doing it right ? I want to refresh access token when it expires, Does it refresh token for every api call ? : ```php /** * Spotify constructor. */ public function __construct() { $this->api = $this->getToken(); } private function getToken() { $session = new Session( 'CLIENT_ID', 'SECRET_ID', ); $api = new SpotifyWebAPI(); $api->setSession($session); $api->setOptions([ 'auto_refresh' => true, ]); $session->refreshAccessToken('refresh_token'); $newAccessToken = $session->getAccessToken(); $newRefreshToken = $session->getRefreshToken(); $session->setAccessToken($newAccessToken); $session->setRefreshToken($newRefreshToken); return $api; } ```

kerem

2026-02-27 19:26:10 +03:00

closed this issue
added the
question
label

kerem commented

2026-02-27 19:26:11 +03:00

Author

Owner

@jwilsson commented on GitHub (Jan 13, 2020):

Hey!
Yes, that code will refresh the access token automatically when it detects an expired one.

Some parts of your code isn't needed though and I recommend you to store the (possibly new) access and refresh tokens somewhere (like a database or session). I'd rewrite it like this:

    /**
     * Spotify constructor.
     */
    public function __construct()
    {
        $this->api = $this->getToken();
    }

    private function getToken()
    {
        $session = new Session(
            'CLIENT_ID',
            'SECRET_ID',
        );

        // Fetch previously requested tokens and set them on the Session instance here

        if ($oldAccessToken && $oldRefreshToken) {
            $session->setAccessToken($oldAccessToken);
            $session->setRefreshToken($oldRefreshToken);
        }

        $api = new SpotifyWebAPI();

        $api->setSession($session);
        $api->setOptions([
            'auto_refresh' => true,
        ]);

        $newAccessToken  = $session->getAccessToken();
        $newRefreshToken = $session->getRefreshToken();

        // Store the new tokens somewhere else here

        return $api;
    }

Hope this helps!

@jwilsson commented on GitHub (Jan 13, 2020): Hey! Yes, that code will refresh the access token automatically when it detects an expired one. Some parts of your code isn't needed though and I recommend you to store the (possibly new) access and refresh tokens somewhere (like a database or session). I'd rewrite it like this: ```php /** * Spotify constructor. */ public function __construct() { $this->api = $this->getToken(); } private function getToken() { $session = new Session( 'CLIENT_ID', 'SECRET_ID', ); // Fetch previously requested tokens and set them on the Session instance here if ($oldAccessToken && $oldRefreshToken) { $session->setAccessToken($oldAccessToken); $session->setRefreshToken($oldRefreshToken); } $api = new SpotifyWebAPI(); $api->setSession($session); $api->setOptions([ 'auto_refresh' => true, ]); $newAccessToken = $session->getAccessToken(); $newRefreshToken = $session->getRefreshToken(); // Store the new tokens somewhere else here return $api; } ``` Hope this helps!

kerem commented

2026-02-27 19:26:11 +03:00

Author

Owner

@foremtehan commented on GitHub (Jan 13, 2020):

@jwilsson thanks! But i dont understand this part :

if ($oldAccessToken && $oldRefreshToken) If i store this old tokens somewhere else the if condition always be true, Should i (how) check the tokens expiration before condition?

@foremtehan commented on GitHub (Jan 13, 2020): @jwilsson thanks! But i dont understand this part : `if ($oldAccessToken && $oldRefreshToken)` If i store this old tokens somewhere else the if condition always be true, Should i (how) check the tokens expiration before condition?

kerem commented

2026-02-27 19:26:11 +03:00

Author

Owner

@jwilsson commented on GitHub (Jan 13, 2020):

@foremtehan No, you don't need to check the expiration. It'll refresh them if needed. You can skip the if statement if you're sure you'll always have something stored (they're not being null).

@jwilsson commented on GitHub (Jan 13, 2020): @foremtehan No, you don't need to check the expiration. It'll refresh them if needed. You can skip the `if` statement if you're sure you'll always have something stored (they're not being null).