-1
https://accounts.spotify.com/authorize?client_id=6af26783dff4466fa5cbcce0f042aba7&redirect_uri=http://bon-deals.com/School/Collegas/Heartify/callback&scope=user-read-private+user-read-email&response_type=token

When above link is clicked Spotify API will respond with the following sample link:

http://bon-deals.com/School/Collegas/Heartify/callback#access_token=BQALr_8ac05PFDIo43oPddsSJafQNXn2nEgqR0FJALJov8dJktgrSzRoAYCGijlXyLVOZYHryhvj7TXsTh6wc3ntVrOMx36HscqS_pA9b6978bMjIP9U6IWSu-aErTRwc2rScM4Y7iJtpKRsid0MGMCLq3tPvCQ&token_type=Bearer&expires_in=3600

I cannot manage to $_GET['access_token'] because of the # before access_token in the URL.

We also tried getting Access Token by changing response_type=code and then transfer code to access token with cURL POST method but also did not work.

livibetter
  • 17,094
  • 2
  • 37
  • 40
HatoBrr
  • 324
  • 1
  • 9
  • `$_GET` contains the query variables of the url that is requested to the server, the current script. If you receive a response from an api in your script, you need to parse the response to get your variables, that has nothing to do with `$_GET`. What does your code look like? – jeroen Apr 08 '15 at 12:25

2 Answers2

0

You cannot get access to the so-called fragment of the URL server-side because the fragment part is meant for the user agent (i.e. the browser) only. The requested response type token indicates that the caller wants the token to be delivered in the fragment because it is an in-browser client or a native app.

If you want a token to be delivered to the server-side backend, you need to use another type of response e.g. response_type=code. You can then exchange the code for an access_token through a call to Spotify's token endpoint.

If that does not work for you that would be another question, including error description/logs etc.

Hans Z.
  • 41,402
  • 9
  • 80
  • 105
0

Did you do the curl correctly?

What response did you get?

Did you check the HTTP Response Header?

When @hans Z said "because the fragment part is meant for the user agent (i.e. the browser) only.", this is not true.

Often the problem is in the Request Header. The curl code below will get every detail any user agent can get. You just need to set up the Request Header correctly. You would probably delete the Cookie:

If you need to do a post then add:

$post = 'key1=value1&key2=value2&key3=value3';
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

PHP

$request = array();
$request[] = 'Host: xxxxxxx';
$request[] = 'User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:39.0) Gecko/20100101 Firefox/39.0';
$request[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
$request[] = 'Accept-Language: en-US,en;q=0.5';
$request[] = 'Accept-Encoding: gzip, deflate';
$request[] = 'DNT: 1';
$request[] = 'Cookie: xxxx
$request[] = 'Connection: keep-alive';
$request[] = 'Pragma: no-cache';
$request[] = 'Cache-Control: no-cache';
$url = 'https://xxxx.com/';
 $ch = curl_init($url);

  curl_setopt($ch, CURLOPT_ENCODING,"");
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLOPT_HEADER, true);
  curl_setopt($ch, CURLINFO_HEADER_OUT, true);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
  curl_setopt($ch, CURLOPT_FILETIME, true);
  curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 100);
  curl_setopt($ch, CURLOPT_VERBOSE, true);
  curl_setopt($ch, CURLOPT_AUTOREFERER, true);
  curl_setopt($ch, CURLOPT_TIMEOUT,100);
  curl_setopt($ch, CURLOPT_FAILONERROR,true);
  curl_setopt($ch, CURLOPT_HTTPHEADER, $request);

  $data = curl_exec($ch);
  if (curl_errno($ch)){
      $data .= 'Retreive Base Page Error: ' . curl_error($ch);
  }
  else {
    $skip = intval(curl_getinfo($ch, CURLINFO_HEADER_SIZE)); 
    $responseHeader = substr($data,0,$skip);
    $data= substr($data,$skip);
    $info = curl_getinfo($ch);
    $info = var_export($info,true);
   }
   echo $responseHeader . $info . $data;
Misunderstood
  • 4,439
  • 1
  • 12
  • 21