Spotipy: Authorization Without Pasting Into Console

Created on 23 Feb 2018  路  4Comments  路  Source: plamere/spotipy

Hey, I am trying to use the authorization flow, but it is not possible in production to have each user paste their url into the console.

How do I go about authenticating a user for a web app? I am using django and want to do the auth stuff in my code, and deal with their response url on my own.

Thank you for any insight.

documentation question

All 4 comments

@astralmedia You'll have to automate that part on the backend by doing the following:

  1. Create a Django that redirects the user to Spotify Login OAuth page
  2. The User will enter their Spotify username and password
  3. On the backend you'll get a code from Spotify and then create another HTTP request that will request the access and refresh token from Spotify using the code you received in step 3.

Note: You will most likely need to use a headless browser such as Selenium webdriver in combination with PhantomJS. If the headless browser doesn't work out, the other option is to use a virtual display such as Xvfb or PyVirtualDisplay (http://pyvirtualdisplay.readthedocs.io/en/latest/) with a webdriver.

I recommend starting with the headless browser approach first.
Headless browser source: https://duo.com/blog/driving-headless-chrome-with-python

Don't worry, it's possible to get this working, I've done it before for project I was working on.

Source: https://developer.spotify.com/web-api/authorization-guide/#authorization-code-flow

I would recommend something a little more lightweight than django.
I chose to use cherrypy for this.

You can see the code I use to do this and I will detail a couple steps here for you.

I use the wait_for_http_callback() to host a lightweight http server and awaiting and saving 1 request
https://github.com/zdhoward/Spotify-Genre-Playlist-Generator/blob/master/callbacks.py

Then I use the visit_url() function to use selenium rather than webbrowser to open the link headlessly while still following all the redirects.

Then you need to use a function similar to the prompt_user_for_auth_token() that doesn't output so much junk, launches the web server and makes the request using selenium.

You can see my modified function called get_user_token() here:
https://github.com/zdhoward/Spotify-Genre-Playlist-Generator/blob/master/main.py

I also had to add "from spotipy import oauth2" in the same file as the get_user_token() function.

I hope this gives you a good start on it!

Hi,

want to do the auth stuff in my code

This is highly disrecommended because you are not supposed to ask for the users Spotify passwords.

Instead you should redirect each user to the spotify authorization URL that will take care of verifying the password.

For now you can find some quick directions here https://github.com/plamere/spotipy/issues/287#issuecomment-576896586 but we still need to add a proper example in the doc

Was this page helpful?
0 / 5 - 0 ratings

Related issues

JessicaMartini212887 picture JessicaMartini212887  路  5Comments

danielgwilson picture danielgwilson  路  4Comments

Kurchunk picture Kurchunk  路  3Comments

filipfigzalski picture filipfigzalski  路  4Comments

fortyTwo102 picture fortyTwo102  路  4Comments