starred/spotipy
1
0
Fork 0
mirror of https://github.com/spotipy-dev/spotipy.git synced 2026-04-26 16:15:51 +03:00
Code Issues 62 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #864] Authentication page pops up every time spotipy.oauth2.SpotifyPKCE() is called #534

New issue
Open
opened 2026-02-27 23:23:11 +03:00 by kerem · 4 comments
kerem commented 2026-02-27 23:23:11 +03:00
Owner
Copy link

Originally created by @TheMayhem6328 on GitHub (Oct 5, 2022).
Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/864

Hello! I can't seem to figure out why oauth page pops up every time I call spotify - trying to use PKCE method to prevent client_secret leak. Here's an example code that I'm running

import spotipy
secret = spotipy.oauth2.SpotifyPKCE("<clientid>", "http://127.0.0.1:8000/spotify/callback/", cache_handler= spotipy.CacheFileHandler(".cache_sp"))
spotify   = spotipy.Spotify(auth_manager=secret)


# Build result
query             = "This is a test"
result            = spotify.search(q=query,type="track")
resultTrack       = spotify.track(track_id=result["tracks"]["items"][0]["id"])
resultAlbum       = spotify.album(album_id=resultTrack["album"]["id"])
resultFeatures    = spotify.audio_features(resultTrack["id"])[0]


# Printout - not actually there in my implementation
print(str(result))
print(str(resultTrack))
print(str(resultAlbum))
print(str(resultFeatures))

This code asks for authentication 4 times - I can see that the token is being cached, but why is the script not using cache and re-authenticating every time? I'm new to Spotipy, Spotify API and anything API really, by the way.

Originally created by @TheMayhem6328 on GitHub (Oct 5, 2022). Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/864 <!--- Please make sure you've: - read the FAQ https://github.com/plamere/spotipy/blob/master/FAQ.md - read the documentation https://spotipy.readthedocs.io/en/latest/ - searched older issues If your question is about code, please share the code you are using ---> Hello! I can't seem to figure out why oauth page pops up every time I call `spotify` - trying to use PKCE method to prevent `client_secret` leak. Here's an example code that I'm running ```py import spotipy secret = spotipy.oauth2.SpotifyPKCE("<clientid>", "http://127.0.0.1:8000/spotify/callback/", cache_handler= spotipy.CacheFileHandler(".cache_sp")) spotify = spotipy.Spotify(auth_manager=secret) # Build result query = "This is a test" result = spotify.search(q=query,type="track") resultTrack = spotify.track(track_id=result["tracks"]["items"][0]["id"]) resultAlbum = spotify.album(album_id=resultTrack["album"]["id"]) resultFeatures = spotify.audio_features(resultTrack["id"])[0] # Printout - not actually there in my implementation print(str(result)) print(str(resultTrack)) print(str(resultAlbum)) print(str(resultFeatures)) ``` This code asks for authentication 4 times - I can see that the token is being cached, but why is the script not using cache and re-authenticating every time? I'm new to Spotipy, Spotify API and anything API really, by the way.
kerem commented 2026-02-27 23:23:12 +03:00
Author
Owner
Copy link

@Peter-Schorn commented on GitHub (Oct 6, 2022):

It looks like there is a bug in which the token info is rejected as invalid if it is not authorized for any scopes. As a workaround, for these endpoints, you can use the SpotifyClientCredentials authorization manager, or authorize for at least one scope.

<!-- gh-comment-id:1269130859 --> @Peter-Schorn commented on GitHub (Oct 6, 2022): It looks like there is a bug in which the token info is rejected as invalid if it is not authorized for any scopes. As a workaround, for these endpoints, you can use the `SpotifyClientCredentials` authorization manager, or authorize for at least one scope.
kerem commented 2026-02-27 23:23:12 +03:00
Author
Owner
Copy link

@TheMayhem6328 commented on GitHub (Oct 6, 2022):

Kinda relieved to know that I haven't been doing anything wrong. This is the workaround I found for now:

secret = spotipy.oauth2.SpotifyPKCE("<clientID>", "http://127.0.0.1:8000/spotify/callback/", cache_handler= spotipy.CacheFileHandler(".cache_sp"))
spotify   = spotipy.Spotify(auth=auth_mgr.get_access_token())

restOfMyCode()

Still asks for authorization, but now it at least asks for authentication only once per code run instead of every time spotipy.Spotify() is called

<!-- gh-comment-id:1270421746 --> @TheMayhem6328 commented on GitHub (Oct 6, 2022): Kinda relieved to know that I haven't been doing anything wrong. This is the workaround I found for now: ```py secret = spotipy.oauth2.SpotifyPKCE("<clientID>", "http://127.0.0.1:8000/spotify/callback/", cache_handler= spotipy.CacheFileHandler(".cache_sp")) spotify = spotipy.Spotify(auth=auth_mgr.get_access_token()) restOfMyCode() ``` Still asks for authorization, but now it at least asks for authentication only once per code run instead of every time `spotipy.Spotify()` is called
kerem commented 2026-02-27 23:23:12 +03:00
Author
Owner
Copy link

@TheMayhem6328 commented on GitHub (Oct 6, 2022):

authorize for at least one scope

I overlooked that initially - that works just fine. Thanks for suggesting that!

<!-- gh-comment-id:1270482031 --> @TheMayhem6328 commented on GitHub (Oct 6, 2022): > authorize for at least one scope I overlooked that initially - that works just fine. Thanks for suggesting that!
kerem commented 2026-02-27 23:23:12 +03:00
Author
Owner
Copy link

@TheCheddarCheese commented on GitHub (Apr 28, 2024):

It looks like there is a bug in which the token info is rejected as invalid if it is not authorized for any scopes. As a workaround, for these endpoints, you can use the SpotifyClientCredentials authorization manager, or authorize for at least one scope.

Are there plans for this to be fixed? Is it an issue on Spotify's end?

<!-- gh-comment-id:2081576062 --> @TheCheddarCheese commented on GitHub (Apr 28, 2024): > It looks like there is a bug in which the token info is rejected as invalid if it is not authorized for any scopes. As a workaround, for these endpoints, you can use the `SpotifyClientCredentials` authorization manager, or authorize for at least one scope. Are there plans for this to be fixed? Is it an issue on Spotify's end?
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
feature/2026-02-changes
feature/invalid-uri-warning
feature/refresh-endpoints
doc-deprecations
revert-synchronize
v3
run-tests
bugfix/1149-change-cache-name
2.23.0
v3_oldprsonly
2.26.0
2.25.2
2.25.1
2.25.0
2.24.0
2.23.0
2.22.1
2.22.0
2.21.0
2.20.0
2.19.0
2.18.0
2.17.1
2.17.0
2.16.1
2.16.0
2.15.0
2.14.0
2.13.0
2.12.0
2.11.2
2.11.1
2.11.0
2.10.0
2.9.0
2.8.0
2.7.1
2.7.0
2.6.3
2.6.2
2.6.1
2.6.0
2.5.0
Labels
Clear labels   
api-bug

   
bug

   
dependencies

   
documentation

   
duplicate

   
enhancement

   
external-ide

   
headless-mode

   
implicit-grant-flow

   
invalid

   
missing-endpoint

   
pr-welcome

   
private-api

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
spotipy3

   
wontfix
No labels
api-bug
bug
dependencies
documentation
duplicate
enhancement
external-ide
headless-mode
implicit-grant-flow
invalid
missing-endpoint
pr-welcome
private-api
pull-request
question
spotipy3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/spotipy#534
No description provided.