Spotify API {'error': 'invalid_client'} Authorization Code Flow [400]

Question

This is one of my many attempts at making a POST request to https://accounts.spotify.com/api/token.

Scope was set to 'playlist-modify-public, playlist-modify-private'.

I'm using Python 3.7, Django 2.1.3.

No matter what I do, response_data returns {'error': 'invalid_client'}

I've tried many things, including passing the client_id/client_secret inside the body of the request as per the official Spotify documentation for this particular request... to no avail.

Please help!

def callback(request):

    auth_token = request.GET.get('code')     # from the URL after user has clicked accept
    code_payload = {
        'grant_type': 'authorization_code',
        'code': str(auth_token),
        'redirect_uri': REDIRECT_URI,
    }

    auth_str = '{}:{}'.format(CLIENT_ID, CLIENT_SECRET)
    b64_auth_str = base64.b64encode(auth_str.encode()).decode()

    headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Authorization': 'Basic {}'.format(b64_auth_str)
    }

    post_request = requests.post(SPOTIFY_TOKEN_URL, data=code_payload, headers=headers)

    response_data = json.loads(post_request.text)
        # ==> {'error': 'invalid_client'}

Hey @MatteusBarbosa, I actually realized I had reset my Spotify client_secret on the Spotify Dashboard and completely forgot to modify my code accordingly... Felt real smart :| — Charlotte Prevost, Feb 20 '20 at 02:02

score 14 · Answer 1 · answered May 19 '21 at 18:27

14

From the documentation

An alternative way to send the client id and secret is as request parameters (client_id and client_secret) in the POST body, instead of sending them base64-encoded in the header.

    SPOTIFY_TOKEN = "https://accounts.spotify.com/api/token"
    request_body = {
        "grant_type": GRANT_TYPE,
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": SPOTIFY_CLIENT_ID,
        "client_secret": SPOTIFY_CLIENT_SECRET,
    }
    r = requests.post(url=SPOTIFY_TOKEN, data=request_body)
    resp = r.json()

This works as well.

answered May 19 '21 at 18:27

Harshit Singhai

1,150
11
7

This should be the accepted answer - the current accepted answer has exactly the same issue. – Sinister Beard Dec 29 '21 at 21:57
This worked for me! Thank you so much. I was using some parameters from the JavaScript example on the Spotify Developers site, and needed to omit them. – The Grindfather Aug 10 '22 at 23:00

score 9 · Answer 2 · answered Dec 01 '18 at 05:05

9

I suspect the issue is with invalid characters in your Authorization header. Try using urlsafe_b64encode instead of b64encode to prepare that header value:

b64_auth_str = base64.urlsafe_b64encode(auth_str.encode()).decode()

answered Dec 01 '18 at 05:05

solarissmoke

30,039
14
71
73

1

I had the same error using: hash = (client_id + ":" + client_secret).toString('base64'); So i encode it on this site : https://www.base64encode.org and it work – bulgarian-beast Nov 02 '21 at 20:43

score 2 · Answer 3 · answered Jan 04 '22 at 22:40

Here is another problem mentioned. If the error is

INVALID_CLIENT: Invalid redirect URI

then you need to register your URI. Quote from the source - to have everything at one place:

Simply log in, find your app and click "Edit Settings" in the top right section. Under redirect URIs you add REDIRECT_URI and remember to click save in the bottom. This should resolve your issue.

Spotify API {'error': 'invalid_client'} Authorization Code Flow [400]

3 Answers3

Linked