[GH-ISSUE #144] User can´t login

kerem commented

2026-02-27 19:25:59 +03:00

Owner

Originally created by @philliphemleb on GitHub (Nov 7, 2018).
Original GitHub issue: https://github.com/jwilsson/spotify-web-api-php/issues/144

Hello,

I want the User to login with Authorization Code Flow. I literally copied your example code without any success.

That´s my function called "authentication". First time I called this function is when the user clicked on the login button, that´s works fine.
At the end of the function I send the request to the spotify URL that comes from "getAuthorizeUrl($options)" and the redirect URL send the request right back to the same function where I check if $_GET['code'] is set. But the $_GET['code'] is not set consistently.

It works fine a few Days ago, I dont know what I have done to make this broken.

Sorry for my english. I dont communicate often in this Language, because I life in Germany.
If you have some understanding asks because of my bad english, feel free to ask.

` public function authentication()
{
$session = new Session(
'c16933d6f92f4379a698322d4e273e69',
'3180bd72eb9e4c65a26cd1e770590bd3',
'http://localhost:8081/api/spotifyLogin'
);

if(isset($_GET['code']))
{
  $session->requestAccessToken($_GET['code']);

  $accessToken = $session->getAccessToken();
  $refreshToken = $session->getRefreshToken();

  $_SESSION['userAccessToken'] = $accessToken;
  $_SESSION['userRefreshToken'] = $refreshToken;

  header('Location: ' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI']);
  die();
}

  $options = [
    'scope' => [
      'playlist-read-private',
      'user-read-private',
    ],
  ];

  header('Location: ' . $session->getAuthorizeUrl($options));
  die();

}`

Originally created by @philliphemleb on GitHub (Nov 7, 2018). Original GitHub issue: https://github.com/jwilsson/spotify-web-api-php/issues/144 Hello, I want the User to login with Authorization Code Flow. I literally copied your example code without any success. That´s my function called "authentication". First time I called this function is when the user clicked on the login button, that´s works fine. At the end of the function I send the request to the spotify URL that comes from "getAuthorizeUrl($options)" and the redirect URL send the request right back to the same function where I check if $_GET['code'] is set. But the $_GET['code'] is not set consistently. It works fine a few Days ago, I dont know what I have done to make this broken. Sorry for my english. I dont communicate often in this Language, because I life in Germany. If you have some understanding asks because of my bad english, feel free to ask. ` public function authentication() { $session = new Session( 'c16933d6f92f4379a698322d4e273e69', '3180bd72eb9e4c65a26cd1e770590bd3', 'http://localhost:8081/api/spotifyLogin' ); if(isset($_GET['code'])) { $session->requestAccessToken($_GET['code']); $accessToken = $session->getAccessToken(); $refreshToken = $session->getRefreshToken(); $_SESSION['userAccessToken'] = $accessToken; $_SESSION['userRefreshToken'] = $refreshToken; header('Location: ' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI']); die(); } $options = [ 'scope' => [ 'playlist-read-private', 'user-read-private', ], ]; header('Location: ' . $session->getAuthorizeUrl($options)); die(); }`

kerem

2026-02-27 19:25:59 +03:00

closed this issue
added the
question
label

kerem commented

2026-02-27 19:25:59 +03:00

Author

Owner

@jwilsson commented on GitHub (Nov 7, 2018):

Hi!
Please try with the latest version (2.6.1), a bug with getAuthorizeUrl was just resolved there a few hours ago.

@jwilsson commented on GitHub (Nov 7, 2018): Hi! Please try with the latest version (`2.6.1`), a bug with `getAuthorizeUrl` was just resolved there a few hours ago.

kerem commented

2026-02-27 19:25:59 +03:00

Author

Owner

@philliphemleb commented on GitHub (Nov 7, 2018):

Thanks for you replay, jwilsson.
It also does not work with 2.6.1. The Same bug, the $_GET['code'] is not set so he skipped the if statement.
$_POST & $_GET are both empty

@philliphemleb commented on GitHub (Nov 7, 2018): Thanks for you replay, jwilsson. It also does not work with 2.6.1. The Same bug, the $_GET['code'] is not set so he skipped the if statement. $_POST & $_GET are both empty

kerem commented

2026-02-27 19:25:59 +03:00

Author

Owner

@jwilsson commented on GitHub (Nov 8, 2018):

Hmm, are you using some PHP framework or something else that could make $_GET empty?

By the way, I would create a new app with a new client ID and client secret since they've been out in the open now.

@jwilsson commented on GitHub (Nov 8, 2018): Hmm, are you using some PHP framework or something else that could make `$_GET` empty? By the way, I would create a new app with a new client ID and client secret since they've been out in the open now.

kerem commented

2026-02-27 19:25:59 +03:00

Author

Owner

@philliphemleb commented on GitHub (Nov 8, 2018):

Oh yeah, forgot that.
I don´t use a PHP Framework.

@philliphemleb commented on GitHub (Nov 8, 2018): Oh yeah, forgot that. I don´t use a PHP Framework.

kerem commented

2026-02-27 19:25:59 +03:00

Author

Owner

@jwilsson commented on GitHub (Nov 8, 2018):

But you are getting sent back to your redirect URI, but $_GET['code'] is sometimes empty?

@jwilsson commented on GitHub (Nov 8, 2018): But you are getting sent back to your redirect URI, but `$_GET['code']` is sometimes empty?

kerem commented

2026-02-27 19:25:59 +03:00

Author

Owner

@philliphemleb commented on GitHub (Nov 8, 2018):

It's every time

@philliphemleb commented on GitHub (Nov 8, 2018): It's every time

kerem commented

2026-02-27 19:25:59 +03:00

Author

Owner

@jwilsson commented on GitHub (Nov 8, 2018):

Hmm, I don't know what to tell you. If you're getting to Spotify just fine but not getting a code back I don't think it's an issue in this library.

Perhaps try filing an issue over at Spotify's repo if you can't find anything else.

@jwilsson commented on GitHub (Nov 8, 2018): Hmm, I don't know what to tell you. If you're getting to Spotify just fine but not getting a code back I don't think it's an issue in this library. Perhaps try filing an issue over at [Spotify's repo](https://github.com/spotify/web-api) if you can't find anything else.

kerem commented

2026-02-27 19:25:59 +03:00

Author

Owner

@philliphemleb commented on GitHub (Nov 9, 2018):

Hey @jwilsson,
I don´t know what I did but it´s working somehow. First off, I updated to 2.6.1, then created a new Spotify App with a new client ID and client secret. That´s all I did to solve this problem.

I dont know if the next problem is related but if the user logged in with Facebook, he stays on the facebook page after the login process. Do you have any idea how I could solve this problem?

@philliphemleb commented on GitHub (Nov 9, 2018): Hey @jwilsson, I don´t know what I did but it´s working somehow. First off, I updated to 2.6.1, then created a new Spotify App with a new client ID and client secret. That´s all I did to solve this problem. I dont know if the next problem is related but if the user logged in with Facebook, he stays on the facebook page after the login process. Do you have any idea how I could solve this problem?

kerem commented

2026-02-27 19:25:59 +03:00

Author

Owner

@jwilsson commented on GitHub (Nov 10, 2018):

I don´t know what I did but it´s working somehow. First off, I updated to 2.6.1, then created a new Spotify App with a new client ID and client secret. That´s all I did to solve this problem.

Glad to hear that!

I dont know if the next problem is related but if the user logged in with Facebook, he stays on the facebook page after the login process. Do you have any idea how I could solve this problem?

You mean the Spotify login page is loaded in an iframe on a Facebook page? I don't think there's a way around that.

@jwilsson commented on GitHub (Nov 10, 2018): > I don´t know what I did but it´s working somehow. First off, I updated to 2.6.1, then created a new Spotify App with a new client ID and client secret. That´s all I did to solve this problem. Glad to hear that! > I dont know if the next problem is related but if the user logged in with Facebook, he stays on the facebook page after the login process. Do you have any idea how I could solve this problem? You mean the Spotify login page is loaded in an `iframe` on a Facebook page? I don't think there's a way around that.

kerem commented

2026-02-27 19:26:00 +03:00

Author

Owner

@philliphemleb commented on GitHub (Nov 13, 2018):

I playing around with my code a little bit and figured out the real problem I guess.
Thats the error message I get: "SpotifyWebAPIAuthException: Invalid authorization code"

Thats the Code which is responsible for this:
`public function authentication()
{
$session = new Session(
getenv('SPOTIFY_CLIENT_ID'),
getenv('SPOTIFY_CLIENT_SECRET'),
getenv('APP_URL') . '/api/spotifyLogin/'
);

if(isset($_GET['code']))
{
  $session->requestAccessToken($_GET['code']);

  $accessToken = $session->getAccessToken();
  $refreshToken = $session->getRefreshToken();

  $_SESSION['userAccessToken'] = $accessToken;
  $_SESSION['userRefreshToken'] = $refreshToken;

  header('Location: ' . $_SESSION['REQUEST_URI']);
  die();
}

  $options = [
    'scope' => [
      'playlist-read-private',
      'user-read-private',
    ],
  ];

  header('Location: ' . $session->getAuthorizeUrl($options));
  die();

}`

@philliphemleb commented on GitHub (Nov 13, 2018): I playing around with my code a little bit and figured out the real problem I guess. Thats the error message I get: "SpotifyWebAPIAuthException: Invalid authorization code" Thats the Code which is responsible for this: `public function authentication() { $session = new Session( getenv('SPOTIFY_CLIENT_ID'), getenv('SPOTIFY_CLIENT_SECRET'), getenv('APP_URL') . '/api/spotifyLogin/' ); if(isset($_GET['code'])) { $session->requestAccessToken($_GET['code']); $accessToken = $session->getAccessToken(); $refreshToken = $session->getRefreshToken(); $_SESSION['userAccessToken'] = $accessToken; $_SESSION['userRefreshToken'] = $refreshToken; header('Location: ' . $_SESSION['REQUEST_URI']); die(); } $options = [ 'scope' => [ 'playlist-read-private', 'user-read-private', ], ]; header('Location: ' . $session->getAuthorizeUrl($options)); die(); }`

kerem commented

2026-02-27 19:26:00 +03:00

Author

Owner

@jwilsson commented on GitHub (Nov 13, 2018):

The code is only valid once, if you've already used it to need to start over (i.e. go to the page again without the code query string.

You could also add a var_dump($_GET['code']) right after if(isset($_GET['code'])) to see that it's a proper code (should be a long string of random letters/numbers.

@jwilsson commented on GitHub (Nov 13, 2018): The code is only valid once, if you've already used it to need to start over (i.e. go to the page again without the `code` query string. You could also add a `var_dump($_GET['code'])` right after `if(isset($_GET['code']))` to see that it's a proper code (should be a long string of random letters/numbers.

kerem commented

2026-02-27 19:26:00 +03:00

Author

Owner

@philliphemleb commented on GitHub (Nov 14, 2018):

Thanks for you fast reply @jwilsson,
The variable is set correctly. I checked that with var_dump ($ _ GET ['code']) right after if(isset($_GET['code'])).

Everythinks works fine if I don´t using the Incognito Mode from Firefox. The error comes only when I use this mode. Although I've destroyed my session for testing

If the User wants to see his playlists at the moment, my Template sends the User to the Method SpotifyLogin():

  public function spotifyUserLogin()
  {
    $this->spotifyUserLogin->authentication();
  }

Right after this is the authentication() method:

public function authentication()
{
$session = new Session(
getenv('SPOTIFY_CLIENT_ID'),
getenv('SPOTIFY_CLIENT_SECRET'),
getenv('APP_URL') . '/api/spotifyLogin/'
);

if(isset($_GET['code']))
{
  $session->requestAccessToken($_GET['code']);

  $accessToken = $session->getAccessToken();
  $refreshToken = $session->getRefreshToken();

  $_SESSION['userAccessToken'] = $accessToken;
  $_SESSION['userRefreshToken'] = $refreshToken;

  header('Location: ' . $_SESSION['REQUEST_URI']);
  die();
}

  $options = [
    'scope' => [
      'playlist-read-private',
      'user-read-private',
    ],
  ];

  header('Location: ' . $session->getAuthorizeUrl($options));
  die();

}

@philliphemleb commented on GitHub (Nov 14, 2018): Thanks for you fast reply @jwilsson, The variable is set correctly. I checked that with var_dump ($ _ GET ['code']) right after if(isset($_GET['code'])). Everythinks works fine if I don´t using the Incognito Mode from Firefox. The error comes only when I use this mode. Although I've destroyed my session for testing If the User wants to see his playlists at the moment, my Template sends the User to the Method SpotifyLogin(): ``` public function spotifyUserLogin() { $this->spotifyUserLogin->authentication(); } ``` Right after this is the authentication() method: ``` public function authentication() { $session = new Session( getenv('SPOTIFY_CLIENT_ID'), getenv('SPOTIFY_CLIENT_SECRET'), getenv('APP_URL') . '/api/spotifyLogin/' ); if(isset($_GET['code'])) { $session->requestAccessToken($_GET['code']); $accessToken = $session->getAccessToken(); $refreshToken = $session->getRefreshToken(); $_SESSION['userAccessToken'] = $accessToken; $_SESSION['userRefreshToken'] = $refreshToken; header('Location: ' . $_SESSION['REQUEST_URI']); die(); } $options = [ 'scope' => [ 'playlist-read-private', 'user-read-private', ], ]; header('Location: ' . $session->getAuthorizeUrl($options)); die(); } ```

kerem commented

2026-02-27 19:26:00 +03:00

Author

Owner

@jwilsson commented on GitHub (Nov 14, 2018):

I don't know what to tell you, I tried it in Firefox Incognito Mode and it works.

I really don't think this is an issue with this library though, and I think you'll get better help using Stack Overflow or on the Spotify Issue Tracker.

Sorry we couldn't figure it out!

@jwilsson commented on GitHub (Nov 14, 2018): I don't know what to tell you, I tried it in Firefox Incognito Mode and it works. I really don't think this is an issue with this library though, and I think you'll get better help using [Stack Overflow](https://stackoverflow.com/) or on the [Spotify Issue Tracker](https://github.com/spotify/web-api). Sorry we couldn't figure it out!

Rows
Columns

[GH-ISSUE #144] User can´t login #88