[GH-ISSUE #510] Client side app, getting users to make developer accounts #305

Closed
opened 2026-02-27 23:21:54 +03:00 by kerem · 4 comments

Originally created by @jessfdm-codes on GitHub (Jun 7, 2020).
Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/510

Hi,

I'm looking to make a mod for a game which allows you to, in limited ways, control your local Spotify Desktop application (so not actually streaming just sending playback commands).

The issue I'm facing is this:
I'd need to authenticate the user somehow and I plan on basically running spotipy as an install script outside the game to authenticate the user then grabbing the tokens and putting them somewhere the mod's code can get to.

Since this will obviously be a client side program if I used my developer secret token anyone could grab it from the source code. So my question was if it's possible under Spotify's terms to get users to generate their own developer accounts and use their client secret which they paste in as part of the install script? Is this unfairly circumventing rate limiting?


@stephanebruckert commented on GitHub (Jun 7, 2020):

Hey @thomasfdm,

My guess is that asking users to create their own app wouldn't be a problem but this is something you should confirm by asking on https://community.spotify.com/t5/Spotify-for-Developers/bd-p/Spotify_Developer

The [Implicit Grant Flow](https://github.com/plamere/spotipy/issues/499) can be another possibility for you. It would let users use your Spotify app without sharing the secret. However, this has yet to be implemented.

@jessfdm-codes commented on GitHub (Jun 7, 2020):

Cool, I'll drop them an ask, and I'll have a look at implicit granting. Also, are there any general recommendations for how to store user tokens on disk that are accessible by multiple programs?


@DJSdev commented on GitHub (Jul 19, 2020):

If pull request #542 is accepted, using the SpotifyPKCE auth-manager, users will be able to authorize your app without needing to reveal/store your client secret within the app. This is Spotify's preferred method for authorization.


@stephanebruckert commented on GitHub (Aug 30, 2020):

Going to close this as you can now use the PKCE auth manager as explained by @DJSdev
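
The PKCE exchange the thread settles on, sketched with the Python standard library as an added example (not part of the original thread and not spotipy's own code). It shows why no client secret has to ship with a client-side app: the app proves itself with a per-login verifier instead. `CLIENT_ID`, `REDIRECT_URI` and all function names are placeholders or assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

AUTH_URL = "https://accounts.spotify.com/authorize"
CLIENT_ID = "YOUR_CLIENT_ID"  # placeholder; a public value, safe to ship
REDIRECT_URI = "http://127.0.0.1:8080/callback"  # assumed loopback redirect

def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_verifier() -> str:
    """Fresh high-entropy code_verifier (43 chars), one per login attempt."""
    return b64url(secrets.token_bytes(32))

def challenge_for(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def authorize_url(verifier: str, scope: str, state: str) -> str:
    """URL opened in the browser; carries only the challenge, never a secret."""
    return AUTH_URL + "?" + urlencode({
        "client_id": CLIENT_ID, "response_type": "code",
        "redirect_uri": REDIRECT_URI, "scope": scope, "state": state,
        "code_challenge_method": "S256",
        "code_challenge": challenge_for(verifier),
    })

def token_request(code: str, verifier: str) -> dict:
    """Form body for the code exchange; there is no client_secret field."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "code_verifier": verifier}

def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """The check the authorization server performs before issuing tokens."""
    return hmac.compare_digest(stored_challenge,
                               challenge_for(presented_verifier))

if __name__ == "__main__":
    v = new_verifier()
    print(authorize_url(v, "user-modify-playback-state",
                        secrets.token_urlsafe(16)))
    print(server_accepts(challenge_for(v), v))               # matching verifier
    print(server_accepts(challenge_for(v), new_verifier()))  # stolen code only
```

An authorization code intercepted on the redirect is useless without the verifier, which never leaves the process that started the login.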
