[GH-ISSUE #1092] Invalid API id and secret doesn't throw an error until client is used #649

New issue

Closed

opened 2026-02-28 00:00:32 +03:00 by kerem · 4 comments

kerem commented

2026-02-28 00:00:32 +03:00

Owner

Originally created by @JackDyre on GitHub (Apr 29, 2024).
Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/1092

Using the authorization flow (maybe this is a problem with the other flow as well), if you create an API client with an invalid client secret and / or client ID, it will not throw an error until you try to use the API client.

This makes it difficult to have the user input their API credentials because you cant verify whether they inputted valid credentials

Originally created by @JackDyre on GitHub (Apr 29, 2024). Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/1092 Using the authorization flow (maybe this is a problem with the other flow as well), if you create an API client with an invalid client secret and / or client ID, it will not throw an error until you try to use the API client. This makes it difficult to have the user input their API credentials because you cant verify whether they inputted valid credentials

kerem closed this issue

2026-02-28 00:00:32 +03:00

kerem commented

2026-02-28 00:00:33 +03:00

Author

Owner

@dieser-niko commented on GitHub (Apr 29, 2024):

You could try out the following:

sp = spotipy.Spotify(auth_manager=SpotifyClientCredentials(client_id="YOUR_APP_CLIENT_ID",
                                                           client_secret="YOUR_APP_CLIENT_SECRET"))

sp.auth_manager.get_access_token(check_cache=False)

This would throw the error spotipy.oauth2.SpotifyOauthError if the credentials are incorrect.

You might notice that there's a deprecation warning for the attribute as_dict=True, but you can ignore that since this is actually set to True by default. Or just set it to False it it annoys you.

@dieser-niko commented on GitHub (Apr 29, 2024): You could try out the following: ```python3 sp = spotipy.Spotify(auth_manager=SpotifyClientCredentials(client_id="YOUR_APP_CLIENT_ID", client_secret="YOUR_APP_CLIENT_SECRET")) sp.auth_manager.get_access_token(check_cache=False) ``` This would throw the error `spotipy.oauth2.SpotifyOauthError` if the credentials are incorrect. You might notice that there's a deprecation warning for the attribute `as_dict=True`, but you can ignore that since this is actually set to `True` by default. Or just set it to `False` it it annoys you.

kerem commented

2026-02-28 00:00:33 +03:00

Author

Owner

@JackDyre commented on GitHub (Apr 29, 2024):

That is the credentials flow though, I am wanting to use the authorization flow.

        sp = spotipy.Spotify(
            auth_manager=SpotifyOAuth(
                client_id=client_id,
                client_secret=client_secret,
                scope=scope,
                redirect_uri="http://localhost:8888/callback",
            )
        )

Why doesn't the authorization flow throw an error if the ID and or Secret are invalid?

@JackDyre commented on GitHub (Apr 29, 2024): That is the credentials flow though, I am wanting to use the authorization flow. ```python sp = spotipy.Spotify( auth_manager=SpotifyOAuth( client_id=client_id, client_secret=client_secret, scope=scope, redirect_uri="http://localhost:8888/callback", ) ) ``` Why doesn't the authorization flow throw an error if the ID and or Secret are invalid?

kerem commented

2026-02-28 00:00:33 +03:00

Author

Owner

@dieser-niko commented on GitHub (Apr 29, 2024):

Ah, I see. This is somewhat due to the authorisation flow for OAuth, as it just generates a URL for the user and waits for a response from Spotify via the redirect URI.

I don't quite see a solution that could be done with the SpotifyOAuth manager alone, but you could try using SpotifyClientCredentials just for verification and then initialising with SpotifyOAuth again. Not quite elegant, but it should do the trick.

@dieser-niko commented on GitHub (Apr 29, 2024): Ah, I see. This is somewhat due to the authorisation flow for OAuth, as it just generates a URL for the user and waits for a response from Spotify via the redirect URI. I don't quite see a solution that could be done with the SpotifyOAuth manager alone, but you could try using SpotifyClientCredentials just for verification and then initialising with SpotifyOAuth again. Not quite elegant, but it should do the trick.

kerem commented

2026-02-28 00:00:33 +03:00

Author

Owner

@JackDyre commented on GitHub (Apr 29, 2024):

Thanks

@JackDyre commented on GitHub (Apr 29, 2024): Thanks

kerem referenced this issue

2026-02-28 00:03:05 +03:00

[PR #649] [MERGED] Allow both id types in playlist_change_details #977