0

I'm building an Angular 2 app that connects to the Spotify API. I'm trying to refresh the access token for my app with the refresh_token I received when I authorized my app, I'm using the angular Http module to pass this to the API endpoint but I'm running into an Access-Control-Allow-Origin error. If I use a tool like Postman I can make the same call and it works fine, so I reckon that there's something in my app settings that it's not correct but can't find out what.

The Angular is set up using the Quickstart seed which uses webpack to create a local server. I make other calls to different endpoints of the API and it works fine, like for example retrieving a user playlist. The first difference I see with these calls is that they are GET requests and the one for the token I'm trying to get is a POST instead.

The function that I have for getting a new code is the following:

refreshAccessToken(): string {

        var newCode: string;
        var refresher = 'private_refresh_token';
        var endpoint = 'https://accounts.spotify.com/api/token';
        var encodedClientDetails = btoa(this.appClientID + ':' + this.appClientSecret);
        var header = new Headers({
            'Authorization': 'Basic ' + encodedClientDetails
        });

        var options = new RequestOptions({
            headers: header,
            body: {
                'grant_type': 'refresh_token',
                'refresh_token': refresher
            }
        });

        this.http.post(endpoint, options)
            .toPromise()
            .then(res => newCode = res.statusText.toString());

        return newCode;
    }

Chrome's dev console image with the error

I used the details provided in this documentation: https://developer.spotify.com/web-api/authorization-guide/

The cURL code that I'm using in Postman (and works fine!) is:

curl -X POST \
  https://accounts.spotify.com/api/token \
  -H 'authorization: Basic <base64 encoded client_id:client_secret>' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'postman-token: 13e6247a-b3a1-668f-bb5a-ea421bebe287' \
  -d 'grant_type=refresh_token&refresh_token=NgAagA...NU'

On the network details of the Chrome dev tools I can see that the request is of type OPTION with a 204 status

0 Answers0