Spotify Refresh Token

nalhassa · January 25, 2021, 10:32pm

Hi everyone.

I’ve properly set up my Spotify API using the Bubble API Connector. It works great when I connect it to a workflow to authorize and from there I can manipulate the user’s playlists. But when the initial token expires, i’d like to be able to use the refresh token. The trouble is that when I try to use the POST method described here for https://accounts.spotify.com/api/token: https://developer.spotify.com/documentation/general/guides/authorization-guide/#authorization-code-flow

I get “invalid client”.

I’ve tried this a million ways and still get the same error. I think the issue is with the form encode that Spotify requires, because it works perfectly in Postman Here’s my bubble setup:

Pathfix · January 26, 2021, 4:51am

@nalhassa we’ve released a plugin for Spotify that handles the oauth process and calls the Spotify Search API

Here’s the link to the Bubble plugin

Let us know which API you wish to call, we can add those to it as well.

tntermini · March 11, 2021, 6:52am

Yes, I’m having the same exact issue––I’m getting a successful token call in Postman, but not in Bubble’s API connector.

I’m almost certain it’s because Bubble’s API connector only allows a JSON or form-data body content-type, but the Spotify API requires the POST body be in x-www-form-urlencoded.

Really wish Bubble’s API connector allowed a custom body type, not just limited to JSON or form-data!

I’m wondering how Pathfix wrote their plugin? My guess is that they have their own API that they funnel everything through, and Pathfix outputs it in a way that Bubble’s API connector is happy with (i.e. converts the body content type to JSON)

nalhassa · March 12, 2021, 1:08am

Hi @tntermini I figured this out a few weeks ago and forgot to respond with my steps. Here’s how to do it:

Set up an API with the following settings:

Authentification: Private Key in Header
Key Name: Authorization
Key Value: Basic Base64EncodedPrivate Key

Then set up these below. Since the authorization token is passed through the URL be sure to grab it when the person actually hits Accept. To get the authorization token, you’ll need to have them navigate to a url that’s structured like so:

https://accounts.spotify.com/authorize?client_id=INSERTCLIENTID&response_type=code&redirect_uri=REDIRECTLINK&scope=SCOPEVALUES

It’s helpful to build this link in postman first and then just copy it over. Note that you’ll need to test the link in your development version using “version-test” in the URL but when you push it to live, you need to remove version test from the redirect.

Once you have the authorization token, you can exchange it for an access and refresh token using the same redirect link.

tntermini · March 16, 2021, 11:25pm

@nalhassa Thank you! Not exactly what I was going for (I was just doing general app auth, didn’t want user to have to log in) but this sheds some insight on how to crank the API connector to make things work. Thank you!

sa.behaegel · January 27, 2022, 5:21pm

hey @nalhassa ,

I don’t understand all this part :
" Set up an API with the following settings:

Authentification: Private Key in Header
Key Name: Authorization
Key Value: Basic Base64EncodedPrivate Key

Then set up these below. Since the authorization token is passed through the URL be sure to grab it when the person actually hits Accept. To get the authorization token, you’ll need to have them navigate to a url that’s structured like so:

https://accounts.spotify.com/authorize?client_id=INSERTCLIENTID&response_type=code&redirect_uri=REDIRECTLINK&scope=SCOPEVALUES

It’s helpful to build this link in postman first and then just copy it over. Note that you’ll need to test the link in your development version using “version-test” in the URL but when you push it to live, you need to remove version test from the redirect. "

Can you put a screenshot please my friend ?

Thank you very much,