0

So all of a sudden they decide I need an authorization header for Spotify Search API.

My application runs in C++ using Poco Net libraries and I can't get it to work.

I went through all that process of getting the "code" that I am supposed to exchange for the token. I assume this code is valid, even though I used just a totally unrelated domain then copied it of the variable that was sent to that page.

See https://developer.spotify.com/web-api/authorization-guide/

This is my code that isn't working:

bool getToken()
{
    Poco::URI loginURI( "https://accounts.spotify.com" );
    Poco::Net::HTTPSClientSession loginSession( loginURI.getHost(), loginURI.getPort(), context );
//      Poco::Net::HTTPBasicCredentials credentials( clientId, clientSecret );

    std::ostringstream requestOStr;
    requestOStr << "https://accounts.spotify.com/api/token?grant_type=authorization_code&code="
            << (m_refreshToken.empty() ? code : m_refreshToken)
            << "&redirect_uri=" << redirectURI
            << "&client_id=" << clientId << "&client_secret=" << clientSecret;

    std::string requestStr( requestOStr.str() );
    Poco::Net::HTTPRequest loginRequest( Poco::Net::HTTPRequest::HTTP_POST, requestStr,
            Poco::Net::HTTPMessage::HTTP_1_1 );

//      credentials.authenticate( loginRequest );

    loginSession.sendRequest( loginRequest );
    Poco::Net::HTTPResponse response;

    std::istream& rs = loginSession.receiveResponse( response );
    std::cout << "Login request " << requestStr << std::endl;
    std::cout << "Login response status " << static_cast<int>(response.getStatus()) << ", "
            << response.getReason() << std::endl;

    std::string rsStr(std::istreambuf_iterator<char>(rs), {});
    if( rsStr.empty() )
    {
        std::cout << "No results" << std::endl;
        return false;
    }
    else
    {
        std::cout << "Logon response:\n" << rsStr << std::endl;
    }
    Parser parser;
    Var result;
    result = parser.parse(rsStr);
    Object::Ptr obj = result.extract<Object::Ptr>();
    try
    {
        Var tokenVar = obj->get( "access_token ");
        if( tokenVar.isString() )
        {
            m_token = tokenVar.convert< std::string >();
        }
        else
        {
            std::cerr << "Could not get access token" << std::endl;
            return false;
        }
        Var refreshTokenVar = obj->get( "refresh_token" );
        if( refreshTokenVar.isString() )
        {
            m_refreshToken = refreshTokenVar.convert< std::string >();
        }
        return true;
    }
    catch( const std::exception& err )
    {
        std::cerr << "Error getting login token" << err.what() << std::endl;
        return false;
    }
}

I tried the BasicCredentials instead of putting client id and clientSecret into the request but that got the same result.

This is how the HTTP request looks with the values modified:

https://accounts.spotify.com/api/token?grant_type=authorization_code&code=THE_CODE&redirect_uri=THE_REDIRECT_URI&client_id=THE_CLIENT_ID&client_secret=THE_CLIENT_SECRET

The response I am getting is:

Login response status 400, Bad Request
  {"error":"server_error","error_description":"Unexpected status: 400"}
CashCow
  • 30,981
  • 5
  • 61
  • 92
  • Well what a surprise I come back a whole day later and nobody has answered it. All I see is nonsense anyway when questions have been asked before. – CashCow Jun 03 '17 at 21:57
  • I pretty much found the answer here: https://stackoverflow.com/questions/13165877/how-do-i-make-an-http-post-with-http-basic-authentication-using-poco Apparently because it's a POST I first make the request with the length of the body, I have to set a couple of keepAlive flags and then I send the rest of the data. The BasicCredentials worked too. All I need to know how is how to get the authorization code in the first place, given I need this stupid redirect_uri. – CashCow Jun 04 '17 at 12:46

1 Answers1

0

Ok I will answer my own question now having found out the answer. My error was mis-use of POST.

This works, once I have the original authorization_code. The code will no longer be valid once "swapped" but that's a different issue.

bool getToken()
{
    Poco::URI loginURI( "https://accounts.spotify.com" );
    Poco::Net::HTTPSClientSession loginSession( loginURI.getHost(), loginURI.getPort(), context );
    Poco::Net::HTTPBasicCredentials credentials( clientId, clientSecret );

    loginSession.setKeepAlive( true );
    std::string requestStr( "https://accounts.spotify.com/api/token" );
    Poco::Net::HTTPRequest loginRequest( Poco::Net::HTTPRequest::HTTP_POST,
            requestStr,
            Poco::Net::HTTPMessage::HTTP_1_1 );
    loginRequest.setContentType("application/x-www-form-urlencoded");
    loginRequest.setKeepAlive( true );

    std::string grantType;
    std::string authCode;

    if( m_refreshToken.empty() )
    {
        grantType = "authorization_code";
        authCode = code;
    }
    else
    {
        grantType = "refresh_token";
        authCode = m_refreshToken;
    }
    std::ostringstream contentOStr;
    contentOStr << "grant_type=" << grantType <<
        "&code=" << authCode
        << "&redirect_uri=" << redirectURI;

    std::string contentStr = contentOStr.str();
    loginRequest.setContentLength( contentStr.size() );
    credentials.authenticate( loginRequest );

    std::ostream& requestOStr = loginSession.sendRequest( loginRequest );
    requestOStr << contentStr;
    requestOStr.flush();
    Poco::Net::HTTPResponse response;

    std::istream& rs = loginSession.receiveResponse( response );
    std::cout << "Login request ";
    loginRequest.write(std::cout);
    std::cout << std::endl;
    std::cout << "Login response status " << static_cast<int>(response.getStatus()) << ", "
            << response.getReason() << std::endl;

    std::string rsStr(std::istreambuf_iterator<char>(rs), {});
    if( rsStr.empty() )
    {
        std::cout << "No results" << std::endl;
        return false;
    }
    else
    {
        std::cout << "Logon response:\n" << rsStr << std::endl;
    }
    Parser parser;
    Var result;
    result = parser.parse(rsStr);
    Object::Ptr obj = result.extract<Object::Ptr>();
    try
    {
        Var tokenVar = obj->get( "access_token" );
        if( tokenVar.isString() )
        {
            m_token = tokenVar.convert< std::string >();
        }
        else
        {
            std::cerr << "Could not get access token" << std::endl;
            return false;
        }
        Var refreshTokenVar = obj->get( "refresh_token" );
        if( refreshTokenVar.isString() )
        {
            m_refreshToken = refreshTokenVar.convert< std::string >();
        }
        return true;
    }
    catch( const std::exception& err )
    {
        std::cerr << "Error getting login token" << err.what() << std::endl;
        return false;
    }
}
CashCow
  • 30,981
  • 5
  • 61
  • 92