starred/spotipy

Fork 0

mirror of https://github.com/spotipy-dev/spotipy.git synced 2026-04-26 16:15:51 +03:00

[GH-ISSUE #957] `auth_manager=SpotifyOAuth(` causes indefinite hanging if provided with invalid client id or secret #577

New issue

Open

opened 2026-02-27 23:23:27 +03:00 by kerem · 8 comments

kerem commented

2026-02-27 23:23:27 +03:00

Owner

Originally created by @Lightningtow on GitHub (Apr 4, 2023).
Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/957

Describe the bug
When there's no valid .cache file for Spotipy to draw from, and an invalid client ID or secret is provided to the authorization code flow, when you next use the sp object, the code opens a webpage that says INVALID_CLIENT: Invalid client and then hangs indefinitely. A try/except does nothing.

If provided with an invalid callback URI (regardless of the validity of the client ID and secret), it will throw an error when you enter the URL you were sent to, so you're able to try/except as normal.

Your code

print("authing")  # behaves the same if you use environment variables instead of hardcoding
sp = spotipy.Spotify(auth_manager=SpotifyOAuth(client_id='invalid id', 
                                   client_secret='invalid secret',
                                   redirect_uri='http://localhost:8080',  # this part is valid
                                   scope=SCOPES))   # this is also valid
print("after auth request")
sp.me()  # also tested with `sp.playlist_items()` and `sp.track`, they all behave the same
print("end authing")

Expected behavior
If provided with an invalid client ID and/or secret, it should throw an error, one that can be properly caught with a try/except.
Seems the error would be better placed on the sp = spotipy line of code, but would work fine if it instead threw when it got used next, in this case sp.me(). Doesn't really matter, as long as it gives an error that can be caught.

Output
Running the above code results in this:

authing
after auth request

and then indefinite hanging. The behavior is exactly the same even if you use try/except around both statements, or if only one ID/secret is invalid.

Environment:

OS: Windows
Python version: 3.9
Spotipy version ~~2.12.0~~ 2.22.1 (typo)
IDE: Pycharm

Additional context
Not part of the bug report, but does anyone know an option besides A) bundle my app's client secret with the rest of my code and distribute it with cx_Freeze, which is no bueno lmao, or B) force my users to make their own app and provide their own IDs and secrets? I chose option B, which is why I'm making the above bug report rn, because I can't assume that my end user will provide valid IDs or secrets.

Originally created by @Lightningtow on GitHub (Apr 4, 2023). Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/957 **Describe the bug** When there's no valid `.cache` file for Spotipy to draw from, and an invalid client ID or secret is provided to the authorization code flow, when you next use the `sp` object, the code opens a webpage that says `INVALID_CLIENT: Invalid client` and then hangs indefinitely. A `try/except` does nothing. If provided with an invalid callback URI (regardless of the validity of the client ID and secret), it will throw an error when you enter the URL you were sent to, so you're able to `try/except` as normal. **Your code** ``` print("authing") # behaves the same if you use environment variables instead of hardcoding sp = spotipy.Spotify(auth_manager=SpotifyOAuth(client_id='invalid id', client_secret='invalid secret', redirect_uri='http://localhost:8080', # this part is valid scope=SCOPES)) # this is also valid print("after auth request") sp.me() # also tested with `sp.playlist_items()` and `sp.track`, they all behave the same print("end authing") ``` **Expected behavior** If provided with an invalid client ID and/or secret, it should throw an error, one that can be properly caught with a `try/except`. Seems the error would be better placed on the `sp = spotipy` line of code, but would work fine if it instead threw when it got used next, in this case `sp.me()`. Doesn't really matter, as long as it gives an error that can be caught. **Output** Running the above code results in this: ``` authing after auth request ``` and then indefinite hanging. The behavior is exactly the same even if you use `try/except` around both statements, or if only one ID/secret is invalid. **Environment:** - OS: Windows - Python version: 3.9 - Spotipy version ~~2.12.0~~ 2.22.1 (typo) - IDE: Pycharm **Additional context** Not part of the bug report, but does anyone know an option besides A) bundle my app's client secret with the rest of my code and distribute it with cx_Freeze, which is no bueno lmao, or B) force my users to make their own app and provide their own IDs and secrets? I chose option B, which is why I'm making the above bug report rn, because I can't assume that my end user will provide valid IDs or secrets.

kerem added the

bug

label

2026-02-27 23:23:27 +03:00

kerem commented

2026-02-27 23:23:28 +03:00

Author

Owner

@stephanebruckert commented on GitHub (Apr 8, 2023):

Haven't tried it yet, but I see you are using quite an old version of spotipy, could you please upgrade and confirm the problem persists?

@stephanebruckert commented on GitHub (Apr 8, 2023): Haven't tried it yet, but I see you are using quite an old version of spotipy, could you please upgrade and confirm the problem persists?

kerem commented

2026-02-27 23:23:28 +03:00

Author

Owner

@Lightningtow commented on GitHub (Apr 8, 2023):

Haven't tried it yet, but I see you are using quite an old version of spotipy, could you please upgrade and confirm the problem persists?

That was a typo, sorry. I'm using 2.22.1

@Lightningtow commented on GitHub (Apr 8, 2023): > Haven't tried it yet, but I see you are using quite an old version of spotipy, could you please upgrade and confirm the problem persists? That was a typo, sorry. I'm using 2.22.1

kerem commented

2026-02-27 23:23:28 +03:00

Author

Owner

@AtomikkuLabs commented on GitHub (Apr 24, 2025):

Bump. I am also experiencing this. I would like to be able to handle it as it causes my program to hang and I cannot find a way to handle it as spotipy provides no exceptions, just hangs.

@AtomikkuLabs commented on GitHub (Apr 24, 2025): Bump. I am also experiencing this. I would like to be able to handle it as it causes my program to hang and I cannot find a way to handle it as spotipy provides no exceptions, just hangs.

kerem commented

2026-02-27 23:23:28 +03:00

Author

Owner

@stephanebruckert commented on GitHub (Apr 24, 2025):

@dieser-niko do you know if this is the same as https://github.com/spotipy-dev/spotipy/blob/master/FAQ.md#my-application-is-not-responding ? and if the warning from https://github.com/spotipy-dev/spotipy/pull/1134 should be displayed in this case?

@BigAtomikku you could try the suggestion from the FAQ to raise an error rather than indefinitely retrying, which hopefully will also give us more info.

@stephanebruckert commented on GitHub (Apr 24, 2025): @dieser-niko do you know if this is the same as https://github.com/spotipy-dev/spotipy/blob/master/FAQ.md#my-application-is-not-responding ? and if the warning from https://github.com/spotipy-dev/spotipy/pull/1134 should be displayed in this case? @BigAtomikku you could try the suggestion from the [FAQ](https://github.com/spotipy-dev/spotipy/blob/master/FAQ.md#why-is-the-application-not-responding) to raise an error rather than indefinitely retrying, which hopefully will also give us more info.

kerem commented

2026-02-27 23:23:28 +03:00

Author

Owner

@AtomikkuLabs commented on GitHub (Apr 24, 2025):

@dieser-niko do you know if this is the same as https://github.com/spotipy-dev/spotipy/blob/master/FAQ.md#my-application-is-not-responding ? and if the warning from #1134 should be displayed in this case?

@BigAtomikku you could try the suggestion from the FAQ to raise an error rather than indefinitely retrying, which hopefully will also give us more info.

I tried an invalid client_id with:

redirect_uri = "http://127.0.0.1:5000/callback"
scope = "user-read-playback-state"

print("Begin")
auth_manager = spotipy.SpotifyPKCE(client_id=client_id, redirect_uri=redirect_uri, scope=scope)
print("1")
spotify = spotipy.Spotify(auth_manager=auth_manager, retries=0)
print("2")
spotify.current_playback()
print("3")

and still no luck. It never reached print("3") or provided an error. Just sits there

@AtomikkuLabs commented on GitHub (Apr 24, 2025): > [@dieser-niko](https://github.com/dieser-niko) do you know if this is the same as https://github.com/spotipy-dev/spotipy/blob/master/FAQ.md#my-application-is-not-responding ? and if the warning from [#1134](https://github.com/spotipy-dev/spotipy/pull/1134) should be displayed in this case? > > [@BigAtomikku](https://github.com/BigAtomikku) you could try the suggestion from the [FAQ](https://github.com/spotipy-dev/spotipy/blob/master/FAQ.md#why-is-the-application-not-responding) to raise an error rather than indefinitely retrying, which hopefully will also give us more info. I tried an invalid client_id with: ``` redirect_uri = "http://127.0.0.1:5000/callback" scope = "user-read-playback-state" print("Begin") auth_manager = spotipy.SpotifyPKCE(client_id=client_id, redirect_uri=redirect_uri, scope=scope) print("1") spotify = spotipy.Spotify(auth_manager=auth_manager, retries=0) print("2") spotify.current_playback() print("3") ``` and still no luck. It never reached print("3") or provided an error. Just sits there

kerem commented

2026-02-27 23:23:28 +03:00

Author

Owner

@dieser-niko commented on GitHub (Apr 24, 2025):

I guess that spotipy is waiting for a never incoming request from the browser. It just prepares the URL for the browser and that's it. There's no check if the URL is valid or not. At least that's what I'm seeing without looking at the code.

@dieser-niko commented on GitHub (Apr 24, 2025): I guess that spotipy is waiting for a never incoming request from the browser. It just prepares the URL for the browser and that's it. There's no check if the URL is valid or not. At least that's what I'm seeing without looking at the code.

kerem commented

2026-02-27 23:23:28 +03:00

Author

Owner

@dieser-niko commented on GitHub (Apr 24, 2025):

The thing is, we won't know if it throws an error on the website because it doesn't redirect the user to the redirect_uri. There also doesn't seem to be a universal way to verify the client credentials.

What we/the user could do would be to use SpotifyClientCredentials before anything to make sure the credentials are correct.

As for spotipy, I think we could make sure that the http server can be cancelled with Ctrl + C or similar.
Alternatively we could use flask or bottle since they can handle a KeyboardInterrupt.

@dieser-niko commented on GitHub (Apr 24, 2025): The thing is, we won't know if it throws an error on the website because it doesn't redirect the user to the redirect_uri. There also doesn't seem to be a universal way to verify the client credentials. What we/the user could do would be to use `SpotifyClientCredentials` before anything to make sure the credentials are correct. As for spotipy, I think we could make sure that the http server can be cancelled with Ctrl + C or similar. Alternatively we could use `flask` or `bottle` since they can handle a KeyboardInterrupt.

kerem commented

2026-02-27 23:23:28 +03:00

Author

Owner

@AtomikkuLabs commented on GitHub (May 26, 2025):

I created a pull request where I have fixed the issue for my use case at least.

@AtomikkuLabs commented on GitHub (May 26, 2025): I created a [pull request](https://github.com/spotipy-dev/spotipy/pull/1203) where I have fixed the issue for my use case at least.

kerem referenced this issue

2026-02-28 00:02:52 +03:00

[PR #596] [MERGED] Retry for POST, PUT and DELETE, fixes #577 #955