Spotify 请求网络 api 删除未经身份验证的调用
Spotify request web api removing unauthenticated calls
删除未经身份验证的 Web 调用后 API 我在获取令牌时遇到问题。我在 developer.spotify 上发现我需要创建一个授权代码流。最大的问题是:
It provides an access token that can be refreshed. Since the token
exchange involves sending your secret key, this should happen on a
secure location, like a backend service, not from a client like a
browser or mobile apps.
是否有其他一些方法可以在没有授权代码流的情况下使用网络 api,例如 "get track" 或 "search an item"?
是的,您需要阅读有关客户端凭据流的内容。
The method makes it possible to authenticate your requests to the
Spotify Web API and to obtain a higher rate limit than you would get
without authentication.
您需要使用在 developer.spotify 上注册应用后获得的 client_id 和 client_secret。
请求将在请求 body 中包含参数 grant_type,值为 "client_credentials" 并且 header 必须包含 Authorization.
Required. Base 64 encoded string that contains the client ID and
client secret key. The field must have the format: Authorization:
Basic base64 encoded client_id:client_secret
您可以在 Web API Authorization Guide
中找到所有这些信息
如何获取令牌的示例:
- (void)spotifyToken {
NSString *body = @"grant_type=client_credentials";
NSData *postData = [body dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
NSString *prepareHeader = [NSString stringWithFormat:@"%@:%@",clientId, clientSecret];
NSData *data = [prepareHeader dataUsingEncoding:NSUTF8StringEncoding];
NSString *base64encoded = [data base64EncodedStringWithOptions:0];
NSString *header = [NSString stringWithFormat:@"Basic %@", base64encoded];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc]init];
[request setURL:[NSURL URLWithString:@"https://accounts.spotify.com/api/token"]];
[request setHTTPBody:postData];
[request setHTTPMethod:@"POST"];
[request setValue:header forHTTPHeaderField:@"Authorization"];
NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];
[[session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
if (!error) {
dispatch_async(dispatch_get_main_queue(), ^{
// saving somewhere token for further using
});
}
}] resume];
}
然后您为 搜索项目 提出几乎相同的请求。但是 POST 你在 header 中用你的令牌发送 GET。看起来像:
NSString *token = [tokenData objectForKey:@"access_token"];
NSString *tokenType = [tokenData objectForKey:@"token_type"];
NSString *header = [NSString stringWithFormat:@"%@ %@", tokenType, token];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] init];
NSURL *url = [NSURL URLWithString:[NSString stringWithFormat:@"https://api.spotify.com/v1/search?%@",trackId]];
[request setValue:header forHTTPHeaderField:@"Authorization"];
[request setURL:url];
NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];
[[session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
if (!error) {
NSDictionary *json = [NSJSONSerialization JSONObjectWithData:data options:0 error:nil];
// JSON with song is here
}
}] resume];
删除未经身份验证的 Web 调用后 API 我在获取令牌时遇到问题。我在 developer.spotify 上发现我需要创建一个授权代码流。最大的问题是:
It provides an access token that can be refreshed. Since the token exchange involves sending your secret key, this should happen on a secure location, like a backend service, not from a client like a browser or mobile apps.
是否有其他一些方法可以在没有授权代码流的情况下使用网络 api,例如 "get track" 或 "search an item"?
是的,您需要阅读有关客户端凭据流的内容。
The method makes it possible to authenticate your requests to the Spotify Web API and to obtain a higher rate limit than you would get without authentication.
您需要使用在 developer.spotify 上注册应用后获得的 client_id 和 client_secret。
请求将在请求 body 中包含参数 grant_type,值为 "client_credentials" 并且 header 必须包含 Authorization.
Required. Base 64 encoded string that contains the client ID and client secret key. The field must have the format: Authorization: Basic base64 encoded client_id:client_secret
您可以在 Web API Authorization Guide
中找到所有这些信息如何获取令牌的示例:
- (void)spotifyToken {
NSString *body = @"grant_type=client_credentials";
NSData *postData = [body dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
NSString *prepareHeader = [NSString stringWithFormat:@"%@:%@",clientId, clientSecret];
NSData *data = [prepareHeader dataUsingEncoding:NSUTF8StringEncoding];
NSString *base64encoded = [data base64EncodedStringWithOptions:0];
NSString *header = [NSString stringWithFormat:@"Basic %@", base64encoded];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc]init];
[request setURL:[NSURL URLWithString:@"https://accounts.spotify.com/api/token"]];
[request setHTTPBody:postData];
[request setHTTPMethod:@"POST"];
[request setValue:header forHTTPHeaderField:@"Authorization"];
NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];
[[session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
if (!error) {
dispatch_async(dispatch_get_main_queue(), ^{
// saving somewhere token for further using
});
}
}] resume];
}
然后您为 搜索项目 提出几乎相同的请求。但是 POST 你在 header 中用你的令牌发送 GET。看起来像:
NSString *token = [tokenData objectForKey:@"access_token"];
NSString *tokenType = [tokenData objectForKey:@"token_type"];
NSString *header = [NSString stringWithFormat:@"%@ %@", tokenType, token];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] init];
NSURL *url = [NSURL URLWithString:[NSString stringWithFormat:@"https://api.spotify.com/v1/search?%@",trackId]];
[request setValue:header forHTTPHeaderField:@"Authorization"];
[request setURL:url];
NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];
[[session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
if (!error) {
NSDictionary *json = [NSJSONSerialization JSONObjectWithData:data options:0 error:nil];
// JSON with song is here
}
}] resume];