Spotify recently updated their API conditions with the requirement that every request have authentication, which is fine, but when trying to set that up on the front-end I got the 'Access-Control-Allow-Origin' issue posted here: Access-Control-Allow-Origin denied spotify api because I was trying to do it through AJAX. My app does not require any personal spotify information, just pulling down preview URLs and track information from spotify, so I'd prefer if users didn't have to log in to use it. If I was going to implement Client Credential flow on the backend, where would I start? My app is a Django backend with JavaScript/React on the frontend. My main concern is that anywhere where I put the code to get myself a token has to come from the server side, but also be run every ~hour as the tokens expire. Any help is welcome, I can post code if necessary!
Asked
Active
Viewed 1,261 times
0
-
1You don't need to do this on the back end at all - you can use implicit grant flow (scroll to the bottom at https://developer.spotify.com/web-api/authorization-guide/). In my opinion, this greatly simplifies your app if you don't need a user to log in or any special permissions. See if it'll work for your use case. – Arnav Aggarwal Jun 01 '17 at 20:27
-
1From what I understood when reading through implicit grant flow previously was that it required the user to log in themselves by redirecting them to spotify's /authorize endpoint, are you saying that there's a way for me to be the one that logs in and not them? To me it looked like step 2 on that flow was the user of my site having to enter their own credentials, and for their example I sort of saw a part where the user was taken to a login form like spotify's – ayyjohn Jun 02 '17 at 21:04
-
I think you're correct. It requires the user to log in. Sorry about that. – Arnav Aggarwal Jun 02 '17 at 22:43
-
So do you know of how to do it via the backend? – ayyjohn Jun 03 '17 at 02:46
-
Sorry, I don't. I would have tried to answer if I did. – Arnav Aggarwal Jun 03 '17 at 17:34