How can I get user data from Spotify without login?
YouTube Data API, you can get user public data information if you know the Channel ID.
Is i possible to do it in the same way?
I have tried the following link with UserID but it requires authentication.
https://api.spotify.com/v1/users/{user_id}/playlists
Maybe you should check documents below
Spotify documents
hope helps
If you want to fetch user's public playlists you need to authenticate the request.
The authentication is based on OAuth 2.0 and there are several ways to obtain a token. On of them, the Client Credentials flow doesn't involve a login form and you only need your client_id and client_secret to obtain a token.
Related
I've checked many resources, and most of them claim the only way to fetch users media using an token is to create facebook app, add instagram, generate user token for yourself and fetch graph api. https://graph.instagram.com/me endpoint. Is there no other way to simply fetch user's media via official api by using access token and username?
Also, when I use /me endpoint, everything works. If I change it to /*myusername*, where I obviously put my username instead, it says that said object does not exist, cannot be loaded due to missing permissions, or does not support this operation.
So, no. If you want to use Instagram API to fetch regular( ie not business ) users' feed, you need to use Instagram Basic API.
What I ideally want to achieve is to be able to Login with Google SignIn, and put authentication on my Nodejs server's endpoints.
What I have done till now is log in the user in the browser, and send the IdToken to the server, validate this TokenId using verifyIdToken() using this link.
https://www.google.com/search?q=verify+idToke&rlz=1C5CHFA_enIN936IN936&oq=verify+idToke&aqs=chrome..69i57j0i13l2j0i13i30l3j69i60l2.12008j0j7&sourceid=chrome&ie=UTF-8
Question:
Once verified, should I generate an access_token using some package, and use that to secure my server's API? Or Use Google SignIn's IdToken as an access token for it?
Or Is there some other flow I'm not getting?
The id_token contains information about the user i.e. email, name, and profile picture.
If that's all that your application needs then the access_token won't be of use to you.
If you're trying to access/modify data belonging to the user, (i.e. trying to add an event to their calendar using the calendar api) then you need the access_token. The access_token is what will give you access to the user's account. If your application requests offline access to the user data then you will also receive something called a refresh_token that will let you regenerate your access token once it expires. If you add the refresh token to your oAuthClient it should automatically renew the access token for you when you make an api call.
Based on what you described I don't think you need the access_token and the id_token might be all you need.
More information is available on this page: https://developers.google.com/identity/protocols/oauth2
I'm following this tutorial to get the track list from my Discover Weekly playlist. The tutorial mentions that I need to get an OAuth token for my own account before requesting the playlist info. This is done by going to a random Console page and click on 'Get token' at the end of the page (which requires me to log into my Spotify account and approves the Console to access my account data).
However, I want to acquire this token programmatically, instead of manually clicking on 'Get token' and logging into my account every time I need this token. What I have is:
My Spotify user ID (from my Account page)
The Spotify client ID for an application I just created under Spotify for Developers
The client secret for this application
Basic knowledge of how to send GET and POST requests (using Python's requests library)
How can I get an OAuth token, or at least generate a new token each time, using some of these above
information?
It depends on what you're trying to do. If all you want is a token to query the api to lookup songs/artists/etc., then you can use the Client Credentials auth flow that doesn't require any user input. All you need to do here is exchange your client ID and secret for an access_token that you'll use in subsequent requests.
If you want access or change certain user information, you'll have to use one of the two other flows on the same spotify authorization page. You'll need to pass a list of scopes with this request, directing the user to a spotify-url-based authorization page, and be able to give it a redirect url that will handle the receiving of the access_token object once the user logs in to the spotify page.
I don't think there's a way to implement one of these flows where you need to request user scopes without having some sort of web server running to accept the redirect passed into the spotify auth url and then save the given token.
After looking at the link you posted for spotify's console pages, it looks like you can use any of those API requests to generate a token including the scopes you want. All it's doing is performing the normal authorization flow in the background, skipping the step where it returns a secret to you that your server that you can then exchange for an access_token and refresh_token. Using the spotify console pages seems like an easy quick way to get scripts or prototypes running without having to deal with setting up your own webserver.
I tried to create a new playlist for a user different user on Spotify using my developer account's credentials (used the authentication key which was generated by using developer's ID as the owner ID). But it didn't work and displayed the following error message.
error message: "You cannot create a playlist for another user."
I want to know the way of creating new playlist on one account using another account's credentials.
I want my users to be able to work with spotify playlists using my application.
Thank you.
As you've already quoted:
"You cannot create a playlist for another user."
The access token used when making a Create a Playlist request needs to be authorized by the user for whom you're creating the playlist. Otherwise, any application could create a playlists on users' behalf without their explicit permission.
This doesn't stop your application from creating playlists for other users though, but you'll need to use either the Authorization Code flow or the Implicit Grant flow to get the access token. (Access tokens retrieved through the Client Credentials flow isn't tied to any specific user.) These flows are part of the oAuth 2.0 standard and there are lots of documentation out there to read more about them. Please see Spotify's Authorization Guide for a guide that's specific to Spotify. Code examples for these flows are also available on Github.
I am using Passport to register/authenticate using Facebook.
When oAuth is successful, I am returned:
accessToken
refreshToken
profile
Now... when a user successfully registers using Facebook, I store accessToken and the profile info.
When somebody wants to login, and goes through the oauth motions again, my app once more gets accessToken and profile.
Trouble is, accessToken is different. I actually expected the accessToken to be the same after the first authentication...
At this point, I am connecting my own local user with the facebook's id field from the profile. But... how would I actually use accessToken? Does it even make sense to keep it? If so, why would I actually keep it?
I actually expect accessToken to be the same, and use that to match a successful login. I obviously can't do that... so I am confused!
You need to keep accessToken if you want to query facebook's API on behalf of your logged-in-via-facebook user. If you want to use facebook just for login only, you can discard it. If you want to ask facebook for the user's most recent status update, for example, you need to include that accessToken as a parameter when making that API call. The point of the accessToken is that it allows a set of operations on behalf of a user, but it expires so if it falls into the wrong hands it cannot be used to cause as much damage as a permanent token or the user's actual password. It will be different every time by design.
You should store facebook Id. It should be in the profile object. Access token will change according to facebooks policy of authorization. What you should be doing is
Get the user to login through facebook
Check their facebook id against the facebook id in your database.
Access tokens expire frequently as described here