[GH-ISSUE #243] Refreshing page causes Invalid authorization code #173

New issue

Closed

opened 2026-02-27 19:26:26 +03:00 by kerem · 2 comments

kerem commented

2026-02-27 19:26:26 +03:00

Owner

Originally created by @dgtyPedro on GitHub (Dec 30, 2021).
Original GitHub issue: https://github.com/jwilsson/spotify-web-api-php/issues/243

I use the auth example given here to do my homepage but everytimes I refresh the page the token code gets invalidated, this happens because on refresh the $_GET['code'] stays the same as previous.

$api = new SpotifyWebAPI\SpotifyWebAPI();
if (isset($_GET['code'])) {
    
    $session->requestAccessToken($_GET['code']);
    $refreshToken = $session->getRefreshToken();
    $api->setAccessToken($session->getAccessToken());
    include ('html/home.php');

} else {

    header('Location: ' . $session->getAuthorizeUrl($options));
    die();
}

I wonder if I can do something with the Refresh Token but I don't want to mess with the other page that uses this token (this one does not have the token in the URL).

I already tried to do something like this:

if (isset($_GET['code']) && $api->setAccessToken($session->getAccessToken())) {

 
    $session->requestAccessToken($_GET['code']);
    $refreshToken = $session->getRefreshToken(); 
    include ('html/home.php');


} else {

    header('Location: ' . $session->getAuthorizeUrl($options));
    die();
}

but it give me too many redirects, causing the page to crash.

Originally created by @dgtyPedro on GitHub (Dec 30, 2021). Original GitHub issue: https://github.com/jwilsson/spotify-web-api-php/issues/243 I use the auth example given here to do my homepage but everytimes I refresh the page the token code gets invalidated, this happens because on refresh the $_GET['code'] stays the same as previous. ```php $api = new SpotifyWebAPI\SpotifyWebAPI(); if (isset($_GET['code'])) { $session->requestAccessToken($_GET['code']); $refreshToken = $session->getRefreshToken(); $api->setAccessToken($session->getAccessToken()); include ('html/home.php'); } else { header('Location: ' . $session->getAuthorizeUrl($options)); die(); } ``` I wonder if I can do something with the Refresh Token but I don't want to mess with the other page that uses this token (this one does not have the token in the URL). I already tried to do something like this: ```php if (isset($_GET['code']) && $api->setAccessToken($session->getAccessToken())) { $session->requestAccessToken($_GET['code']); $refreshToken = $session->getRefreshToken(); include ('html/home.php'); } else { header('Location: ' . $session->getAuthorizeUrl($options)); die(); } ``` but it give me too many redirects, causing the page to crash.

kerem closed this issue

2026-02-27 19:26:26 +03:00

kerem commented

2026-02-27 19:26:27 +03:00

Author

Owner

@dgtyPedro commented on GitHub (Dec 30, 2021):

I fixed inserting a try catch method. The code ended like this:

$api = new SpotifyWebAPI\SpotifyWebAPI();
if (isset($_GET['code'])) {
    try{
        $session->requestAccessToken($_GET['code']);
        $refreshToken = $session->getRefreshToken();
        $api->setAccessToken($session->getAccessToken());
        include ('html/home.php');
    }catch (exception $e){
        header('Location: ' . $session->getAuthorizeUrl($options));
        die();
    }
    
    
} else {
    header('Location: ' . $session->getAuthorizeUrl($options));
    die();
}

@dgtyPedro commented on GitHub (Dec 30, 2021): I fixed inserting a try catch method. The code ended like this: ```php $api = new SpotifyWebAPI\SpotifyWebAPI(); if (isset($_GET['code'])) { try{ $session->requestAccessToken($_GET['code']); $refreshToken = $session->getRefreshToken(); $api->setAccessToken($session->getAccessToken()); include ('html/home.php'); }catch (exception $e){ header('Location: ' . $session->getAuthorizeUrl($options)); die(); } } else { header('Location: ' . $session->getAuthorizeUrl($options)); die(); } ```

kerem commented

2026-02-27 19:26:27 +03:00

Author

Owner

@dgtyPedro commented on GitHub (Mar 10, 2022):

New fix.

This fix that I posted would cause too many redirects on some devices, because of this situations now I use:

$api = new SpotifyWebAPI\SpotifyWebAPI();
if (isset($_GET['code'])) {
    try{
        $session->requestAccessToken($_GET['code']);
        $refreshToken = $session->getRefreshToken();
        $api->setAccessToken($session->getAccessToken());
        include ('html/home.php');
    }catch (exception $e){
        header('Location: ' . $YOUR_BASE_URL_HERE);
        die();
    }
    
    
} else {
    header('Location: ' . $session->getAuthorizeUrl($options));
    die();
}

@dgtyPedro commented on GitHub (Mar 10, 2022): New fix. This fix that I posted would cause too many redirects on some devices, because of this situations now I use: ```php $api = new SpotifyWebAPI\SpotifyWebAPI(); if (isset($_GET['code'])) { try{ $session->requestAccessToken($_GET['code']); $refreshToken = $session->getRefreshToken(); $api->setAccessToken($session->getAccessToken()); include ('html/home.php'); }catch (exception $e){ header('Location: ' . $YOUR_BASE_URL_HERE); die(); } } else { header('Location: ' . $session->getAuthorizeUrl($options)); die(); } ```