[GH-ISSUE #217] Question about Authorization Code Flow #151

Closed
opened 2026-02-27 19:26:20 +03:00 by kerem · 2 comments

Originally created by @ghost on GitHub (Jan 24, 2021).
Original GitHub issue: https://github.com/jwilsson/spotify-web-api-php/issues/217

Hi Jonathan,

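I'm using the Authorization Code Flow and the code from your [example doc](https://github.com/jwilsson/spotify-web-api-php/blob/9063d2f18934319b71393fb1780de32d45897df9/docs/examples/access-token-with-authorization-code-flow.md).

When I visit `auth.php` for the first time, I am prompted to log into Spotify (testing on a new incognito window). Once logged in I am not presented with a web page listing the scopes and asking the user to authorise them - e.g. like on this [screenshot for statsforspotify.com](https://i.imgur.com/vizFNJi.png).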

Instead, I am taken directly to the 'search.php' page which my callback.php redirects to.

Am I doing something wrong?

Each of the 3 pages is shown below.

Thanks!

Jim

auth.php

```
<?php
require 'vendor/autoload.php';

$session = new SpotifyWebAPI\Session(
    'CLIENT_ID',
    'CLIENT_SECRET',
    'REDIRECT_URI'
);

// Scopes requested from the user (the duplicated
// 'user-read-playback-position' entry is listed once).
$options = [
    'scope' => [
        'user-read-recently-played',
        'user-top-read',
        'user-read-playback-position',
        'user-follow-modify',
        'user-read-currently-playing',
        'user-follow-read',
        'user-library-modify',
        'playlist-read-private',
        'user-read-email',
        'user-read-private',
        'user-library-read',
        'playlist-read-collaborative',
    ],
];

// Send the browser to Spotify's authorization page
header('Location: ' . $session->getAuthorizeUrl($options));
die();
```

callback.php

```
<?php
require 'vendor/autoload.php';

$session = new SpotifyWebAPI\Session(
    'CLIENT_ID',
    'CLIENT_SECRET',
    'REDIRECT_URI'
);

// Request an access token using the code from Spotify
$session->requestAccessToken($_GET['code']);

$accessToken = $session->getAccessToken();
$refreshToken = $session->getRefreshToken();

// Start the PHP session if it is not already active
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
$sid = session_id();
$_SESSION['accessToken'] = $accessToken;
$_SESSION['refreshToken'] = $refreshToken;

header('Location: search.php');
die();
```

search.php

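```
<?php
require 'vendor/autoload.php';

// Read back the token that callback.php stored in the PHP session
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
$accessToken = $_SESSION['accessToken'] ?? '';

// @@@@@@@@@@@@@@@ CALL THE API @@@@@@@@@@@@@@@

$options = ['return_assoc' => true];
$api = new SpotifyWebAPI\SpotifyWebAPI($options);
$api->setAccessToken($accessToken);

// @@@@@@@@@@@@@@@ search @@@@@@@@@@@@@@@

$limit = 20; // assumed value; $limit is not defined in the posted snippet

try {
    $search_options = ['offset' => 0, 'limit' => $limit, 'market' => 'from_token', 'include_external' => 'audio'];
    $search = $api->search('trees', 'artist', $search_options);
    r($search); // r() is a debug-dump helper that is not shown in the post
} catch (SpotifyWebAPI\SpotifyWebAPIException $e) {
    // $foo = $e->getCode();
    // r($foo);
    header('Location: index.php');
    exit;
}
```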
kerem 2026-02-27 19:26:20 +03:00
  • closed this issue
  • added the question label

@jwilsson commented on GitHub (Jan 24, 2021):

Hey Jim!
I think this might be because you've already accepted the app with those scopes on your Spotify account. You can remove access from your [account settings](https://www.spotify.com/en/account/apps/). Or pass the `'show_dialog' => true` option to `getAuthorizeUrl()` which will make sure the app approval screen is always shown.
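
Added example, not part of the original thread or of the library's documentation: a single-file handler that forces the approval screen with `show_dialog` and also binds the callback to the browser session with a `state` value, which the posted `callback.php` does not check. The file layout, the `oauth_state` session key and the shortened scope list are assumptions made for this sketch; `CLIENT_ID`, `CLIENT_SECRET` and `REDIRECT_URI` are the same placeholders used in the issue.

```php
<?php
// Added example: one script acting as both auth.php and callback.php.
require 'vendor/autoload.php';

session_start();

$session = new SpotifyWebAPI\Session('CLIENT_ID', 'CLIENT_SECRET', 'REDIRECT_URI');

if (isset($_GET['error'])) {
    // Consent was refused on the approval screen, or the request was rejected.
    unset($_SESSION['oauth_state']);
    http_response_code(403);
    exit('Authorization was not granted.');
}

if (!isset($_GET['code'])) {
    // Step 1: no code yet, so start the flow.
    $state = bin2hex(random_bytes(16));      // unguessable, per-login value
    $_SESSION['oauth_state'] = $state;       // hypothetical session key

    header('Location: ' . $session->getAuthorizeUrl([
        'scope' => ['user-read-email', 'user-read-private'],
        'show_dialog' => true,               // always show the approval screen
        'state' => $state,                   // echoed back by Spotify on redirect
    ]));
    exit;
}

// Step 2: Spotify redirected back with ?code=...&state=...
$expected = $_SESSION['oauth_state'] ?? '';
$received = $_GET['state'] ?? '';
unset($_SESSION['oauth_state']);             // a state value is single use

$stateOk = is_string($received) && $expected !== '' && hash_equals($expected, $received);
if (!$stateOk || !is_string($_GET['code'])) {
    // The callback was not started by this browser session: do not redeem the code.
    http_response_code(400);
    exit('Invalid authorization response.');
}

$session->requestAccessToken($_GET['code']);

session_regenerate_id(true);                 // new session id once tokens are attached
$_SESSION['accessToken'] = $session->getAccessToken();
$_SESSION['refreshToken'] = $session->getRefreshToken();

header('Location: search.php');
exit;
```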


@ghost commented on GitHub (Jan 24, 2021):

Thanks Jonathan - I appreciate your patience!

I realise most of the questions I'm asking aren't issues, but more like "how-to" questions. It's very much appreciated that you take the time to respond so quickly and in such a lot of detail.

Thanks again

Jim
