[GH-ISSUE #781] get_cached_token() when multiple users are connected #482

Closed
opened 2026-02-27 23:22:52 +03:00 by kerem · 9 comments

Originally created by @NicoCaldo on GitHub (Feb 13, 2022).
Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/781

I'm building an app where users can log in with Spotify to do stuff.

Now, I have set up the login flow but I have an issue with the `get_cached_token()` function. It seems that it saves only one token. Is it the correct behavior?

I'm asking because my app has multiple users, everyone needs to access Spotify so a token is created for each one of the users.

Do I need to extend or create my own `get_cached_token()` function to manage the link between tokens and users?

kerem 2026-02-27 23:22:52 +03:00
  • closed this issue
  • added the question label

@Peter-Schorn commented on GitHub (Feb 14, 2022):

> but I have an issue with `get_cached_token()` function

Which one? There are multiple classes in this repo with this method.

Are you building a web app? If so, are you saying that you want multiple users to log in within the same browser session? Or are you simply saying that multiple clients will connect to your web app?


@NicoCaldo commented on GitHub (Feb 14, 2022):

@Peter-Schorn thanks for your answer.

I'm building a web app where users can register and log in to it (so multiple access connected to my web app). Once a user is registered, it can connect its Spotify account. On the backend I handle this connection with `spotify_oauth2().get_authorize_url()` and then I request the access token with `acc_token = spotify_oauth2().get_access_token(spotify_code)` where `spotify_code` is the one I got on the URL from the callback

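```python
import os

from spotipy import oauth2


def spotify_oauth2():
    # No cache handler is passed, so every request shares the default token cache.
    sp_auth = oauth2.SpotifyOAuth(client_id=str(os.getenv('SPOTIPY_CLIENT_ID')),
                                  client_secret=str(os.getenv('SPOTIPY_CLIENT_SECRET')),
                                  redirect_uri="http://127.0.0.1:8000/members/spotify_callback",
                                  scope="user-library-read")
    return sp_auth
```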

I got a function that checks if the user is already logged using `sp_auth = spotify_oauth2()` and `token_info = sp_auth.get_cached_token()` but, in this way in the cache, there's always only one access token from the last user that requests something.

I'm wondering if there's a way to have the access token split per user or do I need to build it myself?


@Peter-Schorn commented on GitHub (Feb 14, 2022):

See [this example](https://github.com/plamere/spotipy/blob/master/examples/app.py). You should be using a `CacheFileHandler` with a cache path that is unique to the browser session so that each session stores a separate copy of the authorization info. Otherwise, each successive user will overwrite the authorization info for the last user.

@NicoCaldo commented on GitHub (Feb 14, 2022):

Thanks a lot for the explanation. So, in this way, I can also use the `refresh_access_token(refresh_token)` method to refresh it, can I?


@Peter-Schorn commented on GitHub (Feb 14, 2022):

Do not call any methods that refresh the access token directly. This will be done automatically for you.

Also, for future reference, when you mention a method, you need to also mention the class that it belongs to. There are multiple classes with a `refresh_access_token` method in this repo.


@NicoCaldo commented on GitHub (Feb 14, 2022):

Thanks for the tips. I'm new to this library so I'm learning along the way :)


@NicoCaldo commented on GitHub (Feb 14, 2022):

@Peter-Schorn
So I have tried to use the cache handler as you suggest with the following code

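```python
import os

import spotipy
from spotipy import oauth2

# Assumed location; caches_folder is defined elsewhere in the poster's app.
caches_folder = "./.spotify_caches/"


def spotify_oauth2(request):
    cache_handler = spotipy.cache_handler.CacheFileHandler(cache_path=session_cache_path(request))
    sp_auth = oauth2.SpotifyOAuth(client_id=str(os.getenv('SPOTIPY_CLIENT_ID')),
                                  client_secret=str(os.getenv('SPOTIPY_CLIENT_SECRET')),
                                  redirect_uri="http://127.0.0.1:8000/members/spotify_callback",
                                  scope="user-library-read",
                                  cache_handler=cache_handler)
    return sp_auth, cache_handler


def session_cache_path(request):
    # One cache file per app user; the username is used verbatim as the file name.
    return caches_folder + request.user.username
```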

Every user logged in has a unique username so the code correctly creates different cache files with different keys.

Now, I have tried logging in with a user, linking the Spotify account, and getting the playlists of the account. Everything goes smoothly. The issue appears when I log out from the account and log in to another account and try to link to another Spotify Account. If you don't first log out from Spotify via browser, it will load the account that has been already logged but, it still creates a different cache file.
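
A per-user cache handler along the lines discussed in this thread, as an added example that is not part of the original comments or of spotipy's own code. `PerUserCacheHandler`, `demo` and the sample tokens are hypothetical; the class assumes only the two-method cache handler interface (`get_cached_token` / `save_token_to_cache`), names each cache file by a digest of the app user's id instead of the raw username, and keeps the file readable by its owner only.

```python
import hashlib
import json
import os
import tempfile

try:  # subclass spotipy's interface when the library is installed
    from spotipy.cache_handler import CacheHandler
except ImportError:  # keeps the example runnable without spotipy
    CacheHandler = object


class PerUserCacheHandler(CacheHandler):
    """Hypothetical handler: one token file per app user, named by a digest."""

    def __init__(self, cache_dir, user_id):
        self.cache_dir = os.path.abspath(cache_dir)
        os.makedirs(self.cache_dir, mode=0o700, exist_ok=True)
        # Hash the stable user id (e.g. the primary key) so the file name can
        # never contain "/", ".." or other user-chosen characters.
        digest = hashlib.sha256(str(user_id).encode("utf-8")).hexdigest()
        self.cache_path = os.path.join(self.cache_dir, digest + ".json")

    def get_cached_token(self):
        try:
            with open(self.cache_path, encoding="utf-8") as fh:
                return json.load(fh)
        except (FileNotFoundError, json.JSONDecodeError):
            return None  # no token yet: caller must run the authorize flow

    def save_token_to_cache(self, token_info):
        # mkstemp creates the file with mode 0600; renaming it into place means
        # the refresh token is never world-readable or left half-written.
        fd, tmp = tempfile.mkstemp(dir=self.cache_dir)
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(token_info, fh)
        os.replace(tmp, self.cache_path)


def demo(cache_dir):
    """Constructed users and tokens; returns what each user reads back."""
    alice = PerUserCacheHandler(cache_dir, "alice")
    odd = PerUserCacheHandler(cache_dir, "../alice")  # name with path characters
    alice.save_token_to_cache({"access_token": "constructed-A"})
    odd.save_token_to_cache({"access_token": "constructed-B"})
    return alice.get_cached_token(), odd.get_cached_token(), odd.cache_path
```

An instance built for the current request's user would be passed as `cache_handler=` to `SpotifyOAuth`, in place of the `CacheFileHandler` above.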


@Peter-Schorn commented on GitHub (Feb 15, 2022):

Pass in `True` for the `show_dialog` parameter of the initializer for `SpotifyOAuth`.


@stephanebruckert commented on GitHub (Jul 9, 2024):

Seems resolved, closing
