[GH-ISSUE #14] get_cached_token() should check scopes too #6

New issue

Closed

opened 2026-02-27 23:20:21 +03:00 by kerem · 2 comments

kerem commented 2026-02-27 23:20:21 +03:00

Owner

Copy link

Originally created by @tobkin on GitHub (Jul 6, 2014).
Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/14

Started playing with this library to learn Python, and I kept getting an "insufficient scope" error from Spotify.

It turns out that if your application gets issued a token, and the application's required scope changes to need more permissions before that token expires, get_cached_token() in oauth2.py will still give that token back even though Spotify will reject it. When tokens are cached, information about what scopes are associated with that token needs to be recorded too.

Originally created by @tobkin on GitHub (Jul 6, 2014). Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/14 Started playing with this library to learn Python, and I kept getting an "insufficient scope" error from Spotify. It turns out that if your application gets issued a token, and the application's required scope changes to need more permissions before that token expires, get_cached_token() in oauth2.py will still give that token back even though Spotify will reject it. When tokens are cached, information about what scopes are associated with that token needs to be recorded too.

kerem closed this issue 2026-02-27 23:20:21 +03:00

kerem commented 2026-02-27 23:20:22 +03:00

Author

Owner

Copy link

@plamere commented on GitHub (Jul 7, 2014):

thanks .. will fix soon. --p

<!-- gh-comment-id:48140835 --> @plamere commented on GitHub (Jul 7, 2014): thanks .. will fix soon. --p

kerem commented 2026-02-27 23:20:22 +03:00

Author

Owner

Copy link

@plamere commented on GitHub (Jul 7, 2014):

fixed

<!-- gh-comment-id:48194309 --> @plamere commented on GitHub (Jul 7, 2014): fixed

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

feature/2026-02-changes

feature/invalid-uri-warning

feature/refresh-endpoints

doc-deprecations

revert-synchronize

v3

run-tests

bugfix/1149-change-cache-name

2.23.0

v3_oldprsonly

2.26.0

2.25.2

2.25.1

2.25.0

2.24.0

2.23.0

2.22.1

2.22.0

2.21.0

2.20.0

2.19.0

2.18.0

2.17.1

2.17.0

2.16.1

2.16.0

2.15.0

2.14.0

2.13.0

2.12.0

2.11.2

2.11.1

2.11.0

2.10.0

2.9.0

2.8.0

2.7.1

2.7.0

2.6.3

2.6.2

2.6.1

2.6.0

2.5.0

Labels

Clear labels   

api-bug

  

bug

  

dependencies

  

documentation

  

duplicate

  

enhancement

  

external-ide

  

headless-mode

  

implicit-grant-flow

  

invalid

  

missing-endpoint

  

pr-welcome

  

private-api

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

spotipy3

  

wontfix

No labels

api-bug

bug

dependencies

documentation

duplicate

enhancement

external-ide

headless-mode

implicit-grant-flow

invalid

missing-endpoint

pr-welcome

private-api

pull-request

question

spotipy3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/spotipy#6

No description provided.