[GH-ISSUE #830] Insufficient client scope when upgrading from 2.4.4 to 2.19.0 #511

Open
opened 2026-02-27 23:23:03 +03:00 by kerem · 4 comments

Originally created by @SHxKM on GitHub (Jun 16, 2022).
Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/830

Hi all.

I've already reported [one breaking change](https://github.com/plamere/spotipy/issues/828) going from 2.4.4 to 2.19.0. It seems that there's another one.

Just for background: I've been using spotipy version 2.4.4 since around ~2019. My app has thousands of Spotify users, and it uses both user-level and non-user-level calls to Spotify API via spotipy. It has worked flawlessly until the update.

Today a user signed up and connected a Spotify account, the first user since I upgraded spotipy to 2.19.0. And while doing a call against his account I got this error:

```
HTTP Error for GET to https://api.spotify.com/v1/me/following with Params: {'type': 'artist', 'limit': 50, 'after': None} returned 403 due to Insufficient client scope
```

I was afraid that the upgrade would cause permanent authorization errors for more users, so I rolled back to 2.4.4 and guess what? The same calls against the user's library were now working...

I'm wondering whether anyone can shed some light on what were the breaking changes in the auth mechanism, besides the aforementioned issue I've linked so far.

Thank you very much for your work!


@Peter-Schorn commented on GitHub (Jun 16, 2022):

> ```
> HTTP Error for GET to https://api.spotify.com/v1/me/following with Params: {'type': 'artist', 'limit': 50, 'after': None} returned 403 due to Insufficient client scope
> ```

That means the user is not authorized for the scopes the method requires. Consider the authorization information you have in persistent storage.


@stephanebruckert commented on GitHub (Jun 18, 2022):

@SHxKM there is no such list of breaking changes because version 2 is supposed to be backward-compatible. If you suspect a breaking change when moving from 2.x to 2.x, then please open a bug report with a minimal code example, complete error and stack trace. It's also possible the bug is already reported.

What would be really helpful as well is if you were able to find which exact version makes your code fail. It'll be easier to look at a single version's changes rather than 3 years of changes. Thanks!


@AnsgarSchmidt commented on GitHub (Jul 6, 2022):

I have the same problem getting

```
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://api.spotify.com/v1/me/top/tracks?time_range=medium_term&limit=100&offset=0
```

```
SCOPE                 = 'playlist-modify-public user-top-read ugc-image-upload'
```

Same code was working with an old version.

@SoftwareSchlosser commented on GitHub (Jan 31, 2024):

Try this scope:
`user-follow-read`

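Added example, not part of the thread and not spotipy code: a check of the authorization information held in persistent storage, comparing the scopes recorded with each stored token against the scopes an endpoint needs. The function names, the endpoint-to-scope map and the sample records are assumptions made for this example; the space-separated `scope` field follows the OAuth token response format.

```python
import json

# Endpoint -> scopes it needs. Assumption for this example: the mapping is
# hand-written from Spotify's Web API reference, not read from spotipy.
REQUIRED_SCOPES = {
    "GET /v1/me/following": {"user-follow-read"},
    "GET /v1/me/top/tracks": {"user-top-read"},
}


def granted_scopes(token_info):
    """Scopes recorded with a stored token (OAuth 'scope' is space-separated)."""
    raw = token_info.get("scope") or ""
    return set(raw.split())


def missing_scopes(token_info, endpoint):
    """Scopes the endpoint needs that the stored grant does not include."""
    return REQUIRED_SCOPES[endpoint] - granted_scopes(token_info)


def audit(stored_tokens, wanted_scope_string):
    """Per user, list scopes the app now requests but the stored grant lacks.

    A refresh cannot widen a grant (RFC 6749, section 6), so any user listed
    here has to go through the authorization prompt again.
    """
    wanted = set(wanted_scope_string.split())
    report = {}
    for user, token_info in stored_tokens.items():
        gap = wanted - granted_scopes(token_info)
        if gap:
            report[user] = sorted(gap)
    return report


# Constructed sample records, shaped like the JSON an OAuth client persists.
SAMPLE_STORE = json.loads("""{
  "old-user": {"access_token": "constructed-1", "refresh_token": "constructed-r1",
               "scope": "user-library-read user-follow-read"},
  "new-user": {"access_token": "constructed-2", "refresh_token": "constructed-r2",
               "scope": "user-library-read"},
  "no-scope": {"access_token": "constructed-3", "scope": null}
}""")

if __name__ == "__main__":
    print(missing_scopes(SAMPLE_STORE["new-user"], "GET /v1/me/following"))
    print(audit(SAMPLE_STORE, "user-library-read user-follow-read user-top-read"))
```

Running the audit before a library or scope-string change shows which stored grants will start returning 403 and need a fresh consent prompt.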