As many developers probably know by now, Spotify does a great job at giving access to their API and all of the neat features that come with it. I've spent the past few weeks working on a project which focuses on taking advanced user analytics from Spotify and matching people based on similar taste.
In order to get my project off the ground I needed to learn how Spotify chooses to authenticate its users - which turns out to be OAuth if you're pursuing more in-depth information.
Below is a chart that illustrates the authentication process that Spotify wants you to put your users through in order to access their data.
This looks really complicated and if you're someone like me who grew up in the 21st century, reading is not my strong suit, so even though I've probably looked at this flowchart ~400 times I still don't think I've ever actually read it to completion.
Regardless... the important thing to take note of if you want to use Spotify's API is that the Client_id, Client_secret and Redirect_uri your app uses need to match the values on the developer dashboard EXACTLY. The dashboard is where you can look up all of this information and put it into your .env file or wherever you store your secret info (only the client_secret really needs to be kept hidden though).
One really important thing that I think Spotify leaves out of its documentation is that you actually need to whitelist users in order to have other users sign in and use your app. This is done on the dashboard under "Users and Access". Make sure that the name and email you put here are an exact match to your user's name (not username) and email.
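How those three values are used across the authorization code flow, as an added Ruby example (not code from the original post or from Spotify). The fallback credentials, the callback address, the `user-top-read` scope and the helper names are assumptions for illustration; the requests are built but never sent.

```ruby
require "uri"
require "net/http"
require "securerandom"

# Constructed fallbacks so the example runs offline; real values come from the
# developer dashboard and are loaded from ENV (for example via a .env file).
CLIENT_ID     = ENV.fetch("SPOTIFY_CLIENT_ID", "constructed-client-id")
CLIENT_SECRET = ENV.fetch("SPOTIFY_CLIENT_SECRET", "constructed-client-secret")
REDIRECT_URI  = ENV.fetch("SPOTIFY_REDIRECT_URI", "http://127.0.0.1:3000/callback")

# Step 1: URL the user's browser is sent to. Only the public client_id appears.
def authorize_url(state, scope: "user-top-read")
  query = URI.encode_www_form(
    client_id: CLIENT_ID, response_type: "code",
    redirect_uri: REDIRECT_URI, scope: scope, state: state
  )
  "https://accounts.spotify.com/authorize?#{query}"
end

# Step 2: check the callback's state against the one issued in step 1.
def callback_code(callback_url, expected_state)
  raise ArgumentError, "no state issued" if expected_state.to_s.empty?
  params = URI.decode_www_form(URI(callback_url).query.to_s).to_h
  raise ArgumentError, "state mismatch" unless params["state"] == expected_state
  raise ArgumentError, "authorization denied: #{params['error']}" if params["error"]
  params.fetch("code")
end

# Step 3: server-side token request. The secret is sent only here, as HTTP
# Basic auth, and redirect_uri is the same constant used in step 1.
def token_request(code)
  req = Net::HTTP::Post.new(URI("https://accounts.spotify.com/api/token"))
  req.basic_auth(CLIENT_ID, CLIENT_SECRET)
  req.set_form_data(grant_type: "authorization_code", code: code, redirect_uri: REDIRECT_URI)
  req
end

if __FILE__ == $0
  state = SecureRandom.hex(16) # store in the user's session before redirecting
  puts authorize_url(state)
end
```

Reading `REDIRECT_URI` from one place for both requests avoids the mismatch errors that a trailing slash or a different port would cause.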
In part 2 I'll detail a bit about the amazing RSpotify wrapper gem made by guilhermesad on GitHub!