Spotify 授权代码流 returns 不完整的响应
Spotify Authorization Code Flow returns incomplete response
我有一个django服务器,我想执行spotify授权代码流程。
这是我创建的基本骨架:
- 用户打开
spotify/login url.
SpotifyLoginView 将他们重定向到 https://accounts.spotify.com/authorize url。- Spotify 服务器回调到
spotify/callback 端点。
SpotifyCallbackView 向 https://accounts.spotify.com/api/token 发出 POST 请求以获取身份验证令牌。
urls.py
urlpatterns = [
path(
"spotify/callback", views.SpotifyCallbackView.as_view(), name="spotify callback"
),
path("spotify/login", views.SpotifyLoginView.as_view(), name="spotify login"),
]
views.py
def build_authorize_url(request):
params = {
"client_id": "<my client id>",
"response_type": "code",
"redirect_uri": request.build_absolute_uri(
reverse("spotify callback")
),
"scope": " ".join(
[
"user-library-read",
"user-top-read",
"user-read-recently-played",
"playlist-read-private",
]
),
}
print(params)
url = (
furl("https://accounts.spotify.com/authorize")
.add(params)
.url
)
print(url)
return url
AUTH_HEADER = {
"Authorization": "Basic "
+ base64.b64encode(
"<my client id>:<my client secret>".encode()
).decode()
}
def handle_callback(request):
code = request.GET["code"]
response = requests.post(
"https://accounts.spotify.com/api/token",
data={
"grant_type": "client_credentials",
"code": code,
"redirect_uri": request.build_absolute_uri(
reverse("spotify callback")
),
},
headers=AUTH_HEADER,
)
return response.json()
class SpotifyLoginView(RedirectView):
query_string = True
def get_redirect_url(self, *args, **kwargs):
return build_authorize_url(self.request)
class SpotifyCallbackView(TemplateView):
template_name = "success.html"
def get(self, request, *args, **kwargs):
print(spotify.handle_callback(request))
return super().get(request, *args, **kwargs)
但是,spotify 返回的响应不包含 scope 和 refresh_token!
所以对于这些参数:
{'client_id': '<my client id>', 'response_type': 'code', 'redirect_uri': 'http://127.0.0.1:8000/spotify/callback', 'scope': 'user-library-read user-top-read user-read-recently-played playlist-read-private'}
翻译成这个 url:
https://accounts.spotify.com/authorize?client_id=<my client id>&response_type=code&redirect_uri=http%3A%2F%2F127.0.0.1%3A8000%2Fspotify%2Fcallback&scope=user-library-read+user-top-read+user-read-recently-played+playlist-read-private
我得到的只有:
{'access_token': '<my acess token>', 'token_type': 'Bearer', 'expires_in': 3600, 'scope': ''}
虽然 docs 建议我应该得到这个:
{
"access_token": "NgCXRK...MzYjw",
"token_type": "Bearer",
"scope": "user-read-private user-read-email",
"expires_in": 3600,
"refresh_token": "NgAagA...Um_SHo"
}
此外,如果我尝试使用该访问令牌,我会返回 401 HTTP 错误。
$ curl -H "Authorization: Bearer <my acess token>" https://api.spotify.com/v1/me
{
"error" : {
"status" : 401,
"message" : "Unauthorized."
}
}
这是怎么回事?
在向 https://accounts.spotify.com/api/token 发出 POST 请求时,您必须使用 "authorization_code" 作为 grant_type 以获得初始访问令牌。在您的 handle_callback() 方法中:
response = requests.post(
"https://accounts.spotify.com/api/token",
data={
"grant_type": "authorization_code",
"code": code,
"redirect_uri": request.build_absolute_uri(
reverse("spotify callback")
),
},
headers=AUTH_HEADER,
)
我有一个django服务器,我想执行spotify授权代码流程。
这是我创建的基本骨架:
- 用户打开
spotify/loginurl. SpotifyLoginView将他们重定向到https://accounts.spotify.com/authorizeurl。- Spotify 服务器回调到
spotify/callback端点。 SpotifyCallbackView向https://accounts.spotify.com/api/token发出 POST 请求以获取身份验证令牌。
urls.py
urlpatterns = [
path(
"spotify/callback", views.SpotifyCallbackView.as_view(), name="spotify callback"
),
path("spotify/login", views.SpotifyLoginView.as_view(), name="spotify login"),
]
views.py
def build_authorize_url(request):
params = {
"client_id": "<my client id>",
"response_type": "code",
"redirect_uri": request.build_absolute_uri(
reverse("spotify callback")
),
"scope": " ".join(
[
"user-library-read",
"user-top-read",
"user-read-recently-played",
"playlist-read-private",
]
),
}
print(params)
url = (
furl("https://accounts.spotify.com/authorize")
.add(params)
.url
)
print(url)
return url
AUTH_HEADER = {
"Authorization": "Basic "
+ base64.b64encode(
"<my client id>:<my client secret>".encode()
).decode()
}
def handle_callback(request):
code = request.GET["code"]
response = requests.post(
"https://accounts.spotify.com/api/token",
data={
"grant_type": "client_credentials",
"code": code,
"redirect_uri": request.build_absolute_uri(
reverse("spotify callback")
),
},
headers=AUTH_HEADER,
)
return response.json()
class SpotifyLoginView(RedirectView):
query_string = True
def get_redirect_url(self, *args, **kwargs):
return build_authorize_url(self.request)
class SpotifyCallbackView(TemplateView):
template_name = "success.html"
def get(self, request, *args, **kwargs):
print(spotify.handle_callback(request))
return super().get(request, *args, **kwargs)
但是,spotify 返回的响应不包含 scope 和 refresh_token!
所以对于这些参数:
{'client_id': '<my client id>', 'response_type': 'code', 'redirect_uri': 'http://127.0.0.1:8000/spotify/callback', 'scope': 'user-library-read user-top-read user-read-recently-played playlist-read-private'}
翻译成这个 url:
https://accounts.spotify.com/authorize?client_id=<my client id>&response_type=code&redirect_uri=http%3A%2F%2F127.0.0.1%3A8000%2Fspotify%2Fcallback&scope=user-library-read+user-top-read+user-read-recently-played+playlist-read-private
我得到的只有:
{'access_token': '<my acess token>', 'token_type': 'Bearer', 'expires_in': 3600, 'scope': ''}
虽然 docs 建议我应该得到这个:
{
"access_token": "NgCXRK...MzYjw",
"token_type": "Bearer",
"scope": "user-read-private user-read-email",
"expires_in": 3600,
"refresh_token": "NgAagA...Um_SHo"
}
此外,如果我尝试使用该访问令牌,我会返回 401 HTTP 错误。
$ curl -H "Authorization: Bearer <my acess token>" https://api.spotify.com/v1/me
{
"error" : {
"status" : 401,
"message" : "Unauthorized."
}
}
这是怎么回事?
在向 https://accounts.spotify.com/api/token 发出 POST 请求时,您必须使用 "authorization_code" 作为 grant_type 以获得初始访问令牌。在您的 handle_callback() 方法中:
response = requests.post(
"https://accounts.spotify.com/api/token",
data={
"grant_type": "authorization_code",
"code": code,
"redirect_uri": request.build_absolute_uri(
reverse("spotify callback")
),
},
headers=AUTH_HEADER,
)