starred/spotipy
1
0
Fork 0
mirror of https://github.com/spotipy-dev/spotipy.git synced 2026-04-27 00:25:54 +03:00
Code Issues 62 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #1031] User Authorization in Cloud Functions #616

New issue
Closed
opened 2026-02-28 00:00:18 +03:00 by kerem · 4 comments
kerem commented 2026-02-28 00:00:18 +03:00
Owner
Copy link

Originally created by @Basti110 on GitHub (Oct 5, 2023).
Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/1031

Hey,

is it somehow possible to authorize a cloud function to add new songs to my private playlist, at any time without user interaction? I can not use bowser login with redirection urls in the cloud or at least I do not know how to use them there. Is there a direct way to log into my Spotify account via the API? The client credentials flow works in the cloud, but I can't use it to access my account. It always says "This request requires user authentication".

Thank you!
Sebastian

Originally created by @Basti110 on GitHub (Oct 5, 2023). Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/1031 Hey, is it somehow possible to authorize a cloud function to add new songs to my private playlist, at any time without user interaction? I can not use bowser login with redirection urls in the cloud or at least I do not know how to use them there. Is there a direct way to log into my Spotify account via the API? The client credentials flow works in the cloud, but I can't use it to access my account. It always says "This request requires user authentication". Thank you! Sebastian
kerem 2026-02-28 00:00:18 +03:00
  • closed this issue
  • added the
    question
         label
kerem commented 2026-02-28 00:00:19 +03:00
Author
Owner
Copy link

@deanja commented on GitHub (Oct 29, 2023):

I'm trying to get my head around this too.

First I can confirm that Spotify user data can't be accessed with Client Credentials flow. Instead I used the Authorization Code flow - https://developer.spotify.com/documentation/web-api/tutorials/code-flow.

For your cloud function solution it might work like this:

  1. Interact manually* with Spotify browser authentication page and the redirect_uri to complete steps 1 and 2 in the Authorization Code flow, at which point you'll have an access token and a refresh token, which can be used unattended, but will expire.
  2. make the refresh token persistently available to your cloud function - via environment variable, aws dynamodb etc
  3. trigger your cloud function to add songs to your playlist as normal. If it runs less frequently than once an hour, it can use the refresh token to get a new access token on each run. If multiple times in an hour it might cache the access token between runs and only use the refresh token once per hour.

That oAuth2 refresh token should be valid at least until redeemed for an access token, and possibly indefinitely until the user revokes access by your app in Spotify.

You could write a web app or similar to do step 1, to guide user through the Spotify authentication and save the tokens where your cloud function can access them.

<!-- gh-comment-id:1784020752 --> @deanja commented on GitHub (Oct 29, 2023): I'm trying to get my head around this too. First I can confirm that Spotify user data can't be accessed with Client Credentials flow. Instead I used the Authorization Code flow - https://developer.spotify.com/documentation/web-api/tutorials/code-flow. For your cloud function solution it might work like this: 1. Interact manually* with Spotify browser authentication page and the redirect_uri to complete steps 1 and 2 in the Authorization Code flow, at which point you'll have an `access token` and a `refresh token`, which can be used unattended, but will expire. 2. make the refresh token persistently available to your cloud function - via environment variable, aws dynamodb etc 3. trigger your cloud function to add songs to your playlist as normal. If it runs less frequently than once an hour, it can use the refresh token to get a new access token on each run. If multiple times in an hour it might cache the access token between runs and only use the refresh token once per hour. That oAuth2 refresh token should be valid at least until redeemed for an access token, and possibly indefinitely until the user revokes access by your app in Spotify. You could write a web app or similar to do step 1, to guide user through the Spotify authentication and save the tokens where your cloud function can access them.
kerem commented 2026-02-28 00:00:19 +03:00
Author
Owner
Copy link

@Nico-VC commented on GitHub (May 1, 2024):

Yes. The key is running the authorization code flow once to get the .cache file for that user and have that accessible to read everytime your function runs.

See https://stackoverflow.com/questions/48883731/refresh-token-spotipy

<!-- gh-comment-id:2087869992 --> @Nico-VC commented on GitHub (May 1, 2024): Yes. The key is running the authorization code flow once to get the .cache file for that user and have that accessible to read everytime your function runs. See https://stackoverflow.com/questions/48883731/refresh-token-spotipy
kerem commented 2026-02-28 00:00:19 +03:00
Author
Owner
Copy link

@dieser-niko commented on GitHub (May 6, 2024):

@Basti110 is your issue resolved or do you still need help and/or other solutions to your problem?

<!-- gh-comment-id:2095777274 --> @dieser-niko commented on GitHub (May 6, 2024): @Basti110 is your issue resolved or do you still need help and/or other solutions to your problem?
kerem commented 2026-02-28 00:00:19 +03:00
Author
Owner
Copy link

@dieser-niko commented on GitHub (May 26, 2024):

Closing as there is no activity or reply from the author.

<!-- gh-comment-id:2132391088 --> @dieser-niko commented on GitHub (May 26, 2024): Closing as there is no activity or reply from the author.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
feature/2026-02-changes
feature/invalid-uri-warning
feature/refresh-endpoints
doc-deprecations
revert-synchronize
v3
run-tests
bugfix/1149-change-cache-name
2.23.0
v3_oldprsonly
2.26.0
2.25.2
2.25.1
2.25.0
2.24.0
2.23.0
2.22.1
2.22.0
2.21.0
2.20.0
2.19.0
2.18.0
2.17.1
2.17.0
2.16.1
2.16.0
2.15.0
2.14.0
2.13.0
2.12.0
2.11.2
2.11.1
2.11.0
2.10.0
2.9.0
2.8.0
2.7.1
2.7.0
2.6.3
2.6.2
2.6.1
2.6.0
2.5.0
Labels
Clear labels   
api-bug

   
bug

   
dependencies

   
documentation

   
duplicate

   
enhancement

   
external-ide

   
headless-mode

   
implicit-grant-flow

   
invalid

   
missing-endpoint

   
pr-welcome

   
private-api

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
spotipy3

   
wontfix
No labels
api-bug
bug
dependencies
documentation
duplicate
enhancement
external-ide
headless-mode
implicit-grant-flow
invalid
missing-endpoint
pr-welcome
private-api
pull-request
question
spotipy3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/spotipy#616
No description provided.