mirror of
https://github.com/jwilsson/spotify-web-api-php.git
synced 2026-04-26 23:45:49 +03:00
[GH-ISSUE #255] Warning: Undefined variable $storedState in C:\xampp\htdocs\apis2\callback.php on line 15 State mismatch #185
Originally created by @mroscar20192020 on GitHub (Nov 19, 2022).
Original GitHub issue: https://github.com/jwilsson/spotify-web-api-php/issues/255
Hello, how can I solve this problem?
@bmartus commented on GitHub (Nov 19, 2022):
Can you provide more of your code? It's hard to tell with just the warning.
@mroscar20192020 commented on GitHub (Nov 19, 2022):
@bluemath
auth.php

```php
require 'vendor/autoload.php';

$session = new SpotifyWebAPI\Session(
    'client id',
    '', // Normally the client secret, but this value can be omitted when using the PKCE flow
    'https://localhost/apis2/callback.php'
);

$verifier = $session->generateCodeVerifier(); // Store this value somewhere, a session for example
$challenge = $session->generateCodeChallenge($verifier);
$state = $session->generateState();

$options = [
    'code_challenge' => $challenge,
    'scope' => [
        'playlist-read-private',
        'user-read-private',
    ],
    'state' => $state,
];

header('Location: ' . $session->getAuthorizeUrl($options));
die();
```

callback.php

```php
require 'vendor/autoload.php';

$session = new SpotifyWebAPI\Session(
    'client id',
    'client secret',
    'https://localhost/apis2/app.php'
);

$state = $_GET['state'];

// Fetch the stored state value from somewhere. A session for example
if ($state !== $storedState) {
    // The state returned isn't the same as the one we've stored, we shouldn't continue
    die('State mismatch');
}

// Request a access token using the code from Spotify and the previously created code verifier
$session->requestAccessToken($_GET['code'], $verifier);

$accessToken = $session->getAccessToken();
$refreshToken = $session->getRefreshToken();

// Store the access and refresh tokens somewhere. In a session for example

// Send the user along and fetch some data!
header('Location: app.php');
die();
```

app.php

```php
require 'vendor/autoload.php';

$api = new SpotifyWebAPI\SpotifyWebAPI();

// Fetch the saved access token from somewhere. A session for example.
$api->setAccessToken($accessToken);

// It's now possible to request data about the currently authenticated user
print_r(
    $api->me()
);

// Getting Spotify catalog data is of course also possible
print_r(
    $api->getTrack('7EjyzZcbLxW7PaaLua9Ksb')
);
```
@mroscar20192020 commented on GitHub (Nov 19, 2022):
the problem with callback.php
can't find variable $storedState
@jwilsson commented on GitHub (Nov 20, 2022):
Hey!
I'm guessing you're following the examples from Authorization Using the Proof Key for Code Exchange (PKCE) Flow?

The `$storedState` variable is something you'll need to set yourself, based on a state value you've set somewhere in the first step (a PHP session for example). I've purposefully not included that logic in the example since I don't want to recommend one approach over another, but leave that up to the user. You could also simply remove that `if` statement if you're just playing around but it's highly recommended to perform that kind of check in a real application.

Hope this solves your issue!
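One way to supply `$storedState` (and `$verifier`) as described in the reply above, using a PHP session. This is an added example, not part of the original thread or the library's documentation; the helper names `newSession`, `beginAuthorization`, `completeAuthorization` and the `$_SESSION` keys are assumptions, while the `Session` methods are the ones used in the code posted earlier in the thread.

```php
<?php
// spotify_auth.php: added example, not part of the library. Function names and
// the $_SESSION keys are hypothetical; include this from auth.php and callback.php.
require 'vendor/autoload.php';

session_start();

function newSession(): SpotifyWebAPI\Session
{
    // Same redirect URI in both steps; no client secret is needed with PKCE.
    return new SpotifyWebAPI\Session('client id', '', 'https://localhost/apis2/callback.php');
}

// auth.php: create state + verifier, remember them server-side, return the URL.
function beginAuthorization(): string
{
    $session = newSession();
    $verifier = $session->generateCodeVerifier();

    $_SESSION['spotify_state'] = $session->generateState();
    $_SESSION['spotify_verifier'] = $verifier;

    return $session->getAuthorizeUrl([
        'code_challenge' => $session->generateCodeChallenge($verifier),
        'scope' => ['playlist-read-private', 'user-read-private'],
        'state' => $_SESSION['spotify_state'],
    ]);
}

// callback.php: compare the returned state with the stored one before using the code.
function completeAuthorization(array $query): void
{
    $storedState = $_SESSION['spotify_state'] ?? '';
    $verifier = $_SESSION['spotify_verifier'] ?? '';
    // Single use: drop both values whether or not the check passes.
    unset($_SESSION['spotify_state'], $_SESSION['spotify_verifier']);

    $state = $query['state'] ?? '';
    if (!is_string($state) || $storedState === '' || !hash_equals($storedState, $state)) {
        http_response_code(400);
        die('State mismatch');
    }

    $session = newSession();
    $session->requestAccessToken((string) ($query['code'] ?? ''), $verifier);
    $_SESSION['spotify_access_token'] = $session->getAccessToken();
    $_SESSION['spotify_refresh_token'] = $session->getRefreshToken();
}
```

In `auth.php` the redirect becomes `header('Location: ' . beginAuthorization());`, and `callback.php` calls `completeAuthorization($_GET)` before redirecting to `app.php`, which reads the access token from `$_SESSION['spotify_access_token']`.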
@mroscar20192020 commented on GitHub (Nov 20, 2022):
Thank you sir, it works.