starred/spotipy
1
0
Fork 0
mirror of https://github.com/spotipy-dev/spotipy.git synced 2026-04-26 16:15:51 +03:00
Code Issues 62 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #1095] The followers field in the current_user is empty #652

New issue
Closed
opened 2026-02-28 00:00:34 +03:00 by kerem · 9 comments
kerem commented 2026-02-28 00:00:34 +03:00
Owner
Copy link

Originally created by @Mews on GitHub (May 1, 2024).
Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/1095

I'm trying to get a list of the users that follow me, however, the followers field in the data returned by current_user() only shows the number of users that follow me, but not which users.
This is the code I'm using (CLIENT_ID and CLIENT_SECRET are defined earlier in the code)

import spotipy
from spotipy.oauth2 import SpotifyOAuth

sp = spotipy.Spotify(auth_manager=SpotifyOAuth(scope="user-follow-read", client_id=CLIENT_ID, client_secret=CLIENT_SECRET, redirect_uri="http://localhost:8888/callback"))

print(sp.current_user()["followers"])

From what I could tell from the spotify api docs I'm using the correct scope, but this code always prints {'href': None, 'total': 10}
Is there a way to get what users follow me?

Originally created by @Mews on GitHub (May 1, 2024). Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/1095 I'm trying to get a list of the users that follow me, however, the `followers` field in the data returned by `current_user()` only shows the number of users that follow me, but not which users. This is the code I'm using (`CLIENT_ID` and `CLIENT_SECRET` are defined earlier in the code) ```python import spotipy from spotipy.oauth2 import SpotifyOAuth sp = spotipy.Spotify(auth_manager=SpotifyOAuth(scope="user-follow-read", client_id=CLIENT_ID, client_secret=CLIENT_SECRET, redirect_uri="http://localhost:8888/callback")) print(sp.current_user()["followers"]) ``` From what I could tell from the spotify api docs I'm using the correct scope, but this code always prints `{'href': None, 'total': 10}` Is there a way to get what users follow me?
kerem 2026-02-28 00:00:34 +03:00
  • closed this issue
  • added the
    question
         label
kerem commented 2026-02-28 00:00:35 +03:00
Author
Owner
Copy link

@dieser-niko commented on GitHub (May 1, 2024):

A quick Google search turned up this Stackoverflow answer from a supposed Spotify employee, suggesting that Spotify has known since 2014 that this has been a long-awaited addition to the API, but has apparently made no progress.

There's a somewhat unofficial way, but using this would technically be against Spotify's Developer Terms, it is also outside of the boundaries of spotipy and may be unreliable since there's no official documentation for this particular endpoint.

This would require an additional package called spotipy_anon which allows you to use a token that is intended for the web UI.

Then you can do something like this:

from spotipy.cache_handler import MemoryCacheHandler
from spotipy_anon import SpotifyAnon
import requests

auth_manager = SpotifyAnon(cache_handler=MemoryCacheHandler())
session = requests.Session()

def get_user_followers(user: str, proxies = None, requests_timeout=5):
    if not user.isalnum():
        raise ValueError
    headers = {"Authorization": "Bearer {0}".format(auth_manager.get_access_token(as_dict=False)), 
               "Content-Type": "application/json"}
    response  = session.get(
        f"https://spclient.wg.spotify.com/user-profile-view/v3/profile/{user}/followers",
        headers=headers, proxies=proxies, timeout=requests_timeout
    )
    response.raise_for_status()
    return response.json()

for follower in get_user_followers("spotify")["profiles"]:
    print(follower["name"])

You might notice that there's no escaping for the username whatsoever, so use it at your own risk. Spotify itself hasn't specified what can and can't be inside a user ID (https://developer.spotify.com/documentation/web-api/concepts/spotify-uris-ids), but my guess would be alphanumeric characters, so a simple str.isalnum() should do the trick.

<!-- gh-comment-id:2089041633 --> @dieser-niko commented on GitHub (May 1, 2024): A quick Google search turned up [this Stackoverflow answer](https://stackoverflow.com/a/24309048) from a supposed Spotify employee, suggesting that Spotify has known since 2014 that this has been a long-awaited addition to the API, but has apparently made no progress. There's a somewhat unofficial way, but using this would technically be against [Spotify's Developer Terms](https://developer.spotify.com/terms), it is also outside of the boundaries of spotipy and may be unreliable since there's no official documentation for this particular endpoint. This would require an additional package called `spotipy_anon` which allows you to use a token that is intended for the web UI. Then you can do something like this: ```python3 from spotipy.cache_handler import MemoryCacheHandler from spotipy_anon import SpotifyAnon import requests auth_manager = SpotifyAnon(cache_handler=MemoryCacheHandler()) session = requests.Session() def get_user_followers(user: str, proxies = None, requests_timeout=5): if not user.isalnum(): raise ValueError headers = {"Authorization": "Bearer {0}".format(auth_manager.get_access_token(as_dict=False)), "Content-Type": "application/json"} response = session.get( f"https://spclient.wg.spotify.com/user-profile-view/v3/profile/{user}/followers", headers=headers, proxies=proxies, timeout=requests_timeout ) response.raise_for_status() return response.json() for follower in get_user_followers("spotify")["profiles"]: print(follower["name"]) ``` You might notice that there's no escaping for the username whatsoever, so use it at your own risk. Spotify itself hasn't specified what can and can't be inside a user ID (https://developer.spotify.com/documentation/web-api/concepts/spotify-uris-ids), but my guess would be alphanumeric characters, so a simple str.isalnum() should do the trick.
kerem commented 2026-02-28 00:00:35 +03:00
Author
Owner
Copy link

@Mews commented on GitHub (May 1, 2024):

What do you mean by there's no escaping for the username?
Also why would this not be allowed by the tos?

<!-- gh-comment-id:2089201048 --> @Mews commented on GitHub (May 1, 2024): What do you mean by there's no escaping for the username? Also why would this not be allowed by the tos?
kerem commented 2026-02-28 00:00:35 +03:00
Author
Owner
Copy link

@Mews commented on GitHub (May 1, 2024):

At any rate this does work thank you so much

<!-- gh-comment-id:2089217045 --> @Mews commented on GitHub (May 1, 2024): At any rate this does work thank you so much
kerem commented 2026-02-28 00:00:35 +03:00
Author
Owner
Copy link

@dieser-niko commented on GitHub (May 1, 2024):

What do you mean by there's no escaping for the username?

Escaping is mostly a method used in SQL queries. I found a Stackoverflow answer which explains the process of escaping pretty good: https://stackoverflow.com/a/10646166

Obviously we're not using SQL here, but the principle stays the same. For example, if you host a web app and a user tries to enter a username like "@malicious-website.com", the request might go to malicious-website.com instead of spotify.com. But to be honest, I'm not up to date with URL injections (and this example didn't even work when I tested it), but I hope you can see where I'm going with this.

Also why would this not be allowed by the tos?

Check section IV of the developer terms, I assume the usage of my script would violate at least one of these terms.

<!-- gh-comment-id:2089226919 --> @dieser-niko commented on GitHub (May 1, 2024): > What do you mean by there's no escaping for the username? Escaping is mostly a method used in SQL queries. I found a Stackoverflow answer which explains the process of escaping pretty good: https://stackoverflow.com/a/10646166 Obviously we're not using SQL here, but the principle stays the same. For example, if you host a web app and a user tries to enter a username like "@malicious-website.com", the request might go to malicious-website.com instead of spotify.com. But to be honest, I'm not up to date with URL injections (and this example didn't even work when I tested it), but I hope you can see where I'm going with this. > Also why would this not be allowed by the tos? Check section IV of the developer terms, I assume the usage of my script would violate at least one of these terms.
kerem commented 2026-02-28 00:00:35 +03:00
Author
Owner
Copy link

@Mews commented on GitHub (May 1, 2024):

Oh ok but is escaping really necessary then? The get_user_followers function you wrote expects a user id so it should be fine no?

<!-- gh-comment-id:2089238268 --> @Mews commented on GitHub (May 1, 2024): Oh ok but is escaping really necessary then? The `get_user_followers` function you wrote expects a user id so it should be fine no?
kerem commented 2026-02-28 00:00:35 +03:00
Author
Owner
Copy link

@dieser-niko commented on GitHub (May 1, 2024):

Just because the argument is user: str doesn't mean it only accepts usernames. But I've updated the code snippet to include a check for alphanumeric characters just to make sure.

<!-- gh-comment-id:2089242145 --> @dieser-niko commented on GitHub (May 1, 2024): Just because the argument is `user: str` doesn't mean it only accepts usernames. But I've updated the code snippet to include a check for alphanumeric characters just to make sure.
kerem commented 2026-02-28 00:00:35 +03:00
Author
Owner
Copy link

@Mews commented on GitHub (May 1, 2024):

But you're meant to pass a user id to it no? At least thats what worked for me
I dont see how you would end up with an id that has invalid characters

<!-- gh-comment-id:2089248393 --> @Mews commented on GitHub (May 1, 2024): But you're meant to pass a user id to it no? At least thats what worked for me I dont see how you would end up with an id that has invalid characters
kerem commented 2026-02-28 00:00:35 +03:00
Author
Owner
Copy link

@dieser-niko commented on GitHub (May 1, 2024):

Yes, but as I said, this depends on the usecase. If you're building a web app that asks for a user ID, then you could end up with an invalid ID very fast.

<!-- gh-comment-id:2089252526 --> @dieser-niko commented on GitHub (May 1, 2024): Yes, but as I said, this depends on the usecase. If you're building a web app that asks for a user ID, then you could end up with an invalid ID very fast.
kerem commented 2026-02-28 00:00:35 +03:00
Author
Owner
Copy link

@Mews commented on GitHub (May 2, 2024):

Alright anyway your solution fixed it tysm

<!-- gh-comment-id:2091098633 --> @Mews commented on GitHub (May 2, 2024): Alright anyway your solution fixed it tysm
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
feature/2026-02-changes
feature/invalid-uri-warning
feature/refresh-endpoints
doc-deprecations
revert-synchronize
v3
run-tests
bugfix/1149-change-cache-name
2.23.0
v3_oldprsonly
2.26.0
2.25.2
2.25.1
2.25.0
2.24.0
2.23.0
2.22.1
2.22.0
2.21.0
2.20.0
2.19.0
2.18.0
2.17.1
2.17.0
2.16.1
2.16.0
2.15.0
2.14.0
2.13.0
2.12.0
2.11.2
2.11.1
2.11.0
2.10.0
2.9.0
2.8.0
2.7.1
2.7.0
2.6.3
2.6.2
2.6.1
2.6.0
2.5.0
Labels
Clear labels   
api-bug

   
bug

   
dependencies

   
documentation

   
duplicate

   
enhancement

   
external-ide

   
headless-mode

   
implicit-grant-flow

   
invalid

   
missing-endpoint

   
pr-welcome

   
private-api

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
spotipy3

   
wontfix
No labels
api-bug
bug
dependencies
documentation
duplicate
enhancement
external-ide
headless-mode
implicit-grant-flow
invalid
missing-endpoint
pr-welcome
private-api
pull-request
question
spotipy3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/spotipy#652
No description provided.