[PR #542] [MERGED] Adding Initial PKCE Auth Flow Support #931

New issue

Closed

opened 2026-02-28 00:02:43 +03:00 by kerem · 0 comments

kerem commented

2026-02-28 00:02:43 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/spotipy-dev/spotipy/pull/542
Author: @DJSdev
Created: 7/14/2020
Status: ✅ Merged
Merged: 7/21/2020
Merged by: @stephanebruckert

Base: master ← Head: djsdev/SpotifyPKCE

📝 Commits (10+)

9fa90d2 Added base funtionality for PKCE Authorization - i538
323b330 fixed a mistake with the auth code
7b798a5 fixed more misunderstandings. fixed grant_access_token to now call authorization if needed
61a5634 added comments and references to code verifier and code challenge
5810530 removed debug print statement
49a2e0f updated unit tests for new PKCE flow
4a6cee3 cleaned up username issues - added doc strings to class
9473d08 fixed import issue, added user endpoint tests
3fec740 forgot to commit this file
6293b8a linted

📊 Changes

4 files changed (+531 additions, -2 deletions)

View changed files

📝 CHANGELOG.md (+1 -0)
📝 spotipy/oauth2.py (+358 -0)
📝 tests/integration/test_user_endpoints.py (+35 -1)
📝 tests/unit/test_oauth.py (+137 -1)

📄 Description

Adds functionality for the PKCE Authorization Flow. This is now the preferred method for developers to integrate desktops and mobile applications with the Spotify API.

The benefits include:

Being able to distribute applications without revealing the apps Client Secret
Not needing users to sign up for a developer account
Moves away from the deprecated Implicit Grant Auth Flow

Requested in #538 - Sorry if I jumped the gun adding this functionality without commenting on the enhancement request/issue. I needed this functionality for an app I'm working on and saw the recent enhancement request for so decided to work on it.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/spotipy-dev/spotipy/pull/542 **Author:** [@DJSdev](https://github.com/DJSdev) **Created:** 7/14/2020 **Status:** ✅ Merged **Merged:** 7/21/2020 **Merged by:** [@stephanebruckert](https://github.com/stephanebruckert) **Base:** `master` ← **Head:** `djsdev/SpotifyPKCE` --- ### 📝 Commits (10+) - [`9fa90d2`](https://github.com/spotipy-dev/spotipy/commit/9fa90d2a719e56ff4b2b07d9c0b576bbb4be2037) Added base funtionality for PKCE Authorization - i538 - [`323b330`](https://github.com/spotipy-dev/spotipy/commit/323b33056f606d419304702fbe5239e44958a74d) fixed a mistake with the auth code - [`7b798a5`](https://github.com/spotipy-dev/spotipy/commit/7b798a5b405d74ee1c2b4048df4bf9f31c36df0d) fixed more misunderstandings. fixed grant_access_token to now call authorization if needed - [`61a5634`](https://github.com/spotipy-dev/spotipy/commit/61a5634005061af409f9a8fff0748cd587ad1bb0) added comments and references to code verifier and code challenge - [`5810530`](https://github.com/spotipy-dev/spotipy/commit/581053073230c6134f1969afaab8dbb2e8d0e33d) removed debug print statement - [`49a2e0f`](https://github.com/spotipy-dev/spotipy/commit/49a2e0f63be6eab21d179df26637cfc6ad5efdd3) updated unit tests for new PKCE flow - [`4a6cee3`](https://github.com/spotipy-dev/spotipy/commit/4a6cee3a3e12593c7fb23833997c12d8333aec51) cleaned up username issues - added doc strings to class - [`9473d08`](https://github.com/spotipy-dev/spotipy/commit/9473d08f43b6450e6e0da00533cc074a206f81ce) fixed import issue, added user endpoint tests - [`3fec740`](https://github.com/spotipy-dev/spotipy/commit/3fec74075b10e7e657abc8a2795c2208c6ba5239) forgot to commit this file - [`6293b8a`](https://github.com/spotipy-dev/spotipy/commit/6293b8a94e9a1135f1a394852daaa8c1cf093183) linted ### 📊 Changes **4 files changed** (+531 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `CHANGELOG.md` (+1 -0) 📝 `spotipy/oauth2.py` (+358 -0) 📝 `tests/integration/test_user_endpoints.py` (+35 -1) 📝 `tests/unit/test_oauth.py` (+137 -1) </details> ### 📄 Description Adds functionality for the PKCE Authorization Flow. This is now the preferred method for developers to integrate desktops and mobile applications with the Spotify API. The benefits include: 1. Being able to distribute applications without revealing the apps Client Secret 2. Not needing users to sign up for a developer account 3. Moves away from the deprecated Implicit Grant Auth Flow Requested in #538 - Sorry if I jumped the gun adding this functionality without commenting on the enhancement request/issue. I needed this functionality for an app I'm working on and saw the recent enhancement request for so decided to work on it. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>