11

I've been looking at the Spotify api for a few days now and example source code and I still can't figure out how to get an access token to access a user's playlist data. I've gotten to the point where I pull up the login window, the user logs in, and then I receive an authorization code. At this point, I tried doing things like:

window.open("https://accounts.spotify.com/api/token?
grant_type=authorization_code&code="+code+"&redirect_uri=myurl&client_id=3137b15
2f1424defa2c6020ae5c6d444&client_secret=mysecret");

and 

$.ajax(
    {
      url: "https://accounts.spotify.com/api/token?grant_type=authorization_code&code="+code+"&redirect_uri=myurl&client_secret=mysecret&client_id=myid", 
      success: function(result){
        alert("foo");
      }
    }
);

But either way I get a result like: 

{"error":"server_error","error_description":"Unexpected status: 405"}

instead of a token. I'm sure this is simple but I'm terrible at JS. Please help! Thank you!

(edit) I forgot to mention:

Link to api authentication guide: https://developer.spotify.com/web-api/authorization-guide/

I'm stuck on step 4. I see that there is an alternative method on sending a "header parameter" or cURL request which might work. But seing as how I have no idea how to do these things I've stuck with sending the client_id and client_secret as body request parameters like I did before for the user login/code.

PS: I'm only using this application I'm writing for myself. Is there a way I could hardcode a token in without going through this process instead?

Ashwin Gupta
  • 2,100
  • 7
  • 23
  • 54

1 Answers1

11

When the authorization code has been received, you will need to exchange it with an access token by making a POST request to the Spotify Accounts service, this time to its /api/token endpoint:

So you need to make a POST request to the Spotify API, with the parameters in the request body:

$.ajax(
  {
    method: "POST",
    url: "https://accounts.spotify.com/api/token",
    data: {
      "grant_type":    "authorization_code",
      "code":          code,
      "redirect_uri":  myurl,
      "client_secret": mysecret,
      "client_id":     myid,
    },
    success: function(result) {
      // handle result...
    },
  }
);

(As a sidenote, "Unexpected status: 405" refers to the HTTP status code 405 Method Not Allowed, which indicates that the request method you tried—a GET request—is not allowed on that URL.)

Frxstrem
  • 30,162
  • 8
  • 66
  • 99
  • Interesting, seems simple enough. Giving it a shot right now, I'll let you know how it goes in a minute. – Ashwin Gupta Oct 06 '16 at 04:16
  • Ok tried this. I got `XMLHttpRequest cannot load https://accounts.spotify.com/api/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'www.mysite.com' is therefore not allowed access.`. I know for a fact I've got a valid code, secret id, id, and url. As for grant_type I just put in "authorization_code" – Ashwin Gupta Oct 06 '16 at 04:23
  • @AshwinGupta There's [this answer](http://stackoverflow.com/a/28406268) to this exact problem: *"The request to https://accounts.spotify.com/api/token needs to be made server side and not as an AJAX request."* – Frxstrem Oct 06 '16 at 04:25
  • Ah okay! Sorry, should've looked that up. Thanks for your help, the part I was confused on was the POST vs GET and how to send the ajax so that was awesome advice! – Ashwin Gupta Oct 06 '16 at 04:29
  • One quick question: In the post you linked me too it says you can't use a client-side request. Does that include the entire POST request with the code, redirect_uri, etc. Or just the header part with the client_id and client_id ? – Ashwin Gupta Oct 06 '16 at 04:32