3

I have tried following the spotify authorization code flow, and have fallen at the first hurdle of getting user authorization.

I have tried doing this using PHP curl.

If you take a look at my code, what am I doing wrong?

$url           = 'https://accounts.spotify.com/authorize';
$redirect_uri  = urlencode( site_url() );
$curl = curl_init();
 
curl_setopt( $curl, CURLOPT_URL, $url);
curl_setopt( $curl, CURLOPT_FOLLOWLOCATION, true );
curl_setopt( $curl, CURLOPT_HTTPGET, true );
curl_setopt( $curl, CURLOPT_POSTFIELDS, 'state=' );
curl_setopt( $curl, CURLOPT_POSTFIELDS, 'response_type=code' );
curl_setopt( $curl, CURLOPT_POSTFIELDS, 'scope=playlist-read-private%20playlist-modify-private' );
curl_setopt( $curl, CURLOPT_POSTFIELDS, 'client_id=' . $this->client_id );
curl_setopt( $curl, CURLOPT_POSTFIELDS, 'redirect_uri=' . $redirect_uri );
 
curl_exec( $curl );
curl_close( $curl );
 
$fullquery     = 'https://accounts.spotify.com/authorize?response_type=code&state=&client_id=CLIENT_ID&scope=playlist-read-private%20playlist-modify-private&redirect_uri=http%3A%2F%2Flocalhost%3A8888%2Fspotifyapi';

Running this returns a block of html from spotify, embedded into my page, with the text: "Error Oops! Something went wrong, please try again or check out our help area."

What's interesting however, is that if I put the full query into my search bar, it works exactly as I expect, by taking me to an authorization page, and after acceptance, redirecting back to my callback url, with my access code as a parameter in the url.

Why can't I get the desired effect in my PHP function?

Any hints would be greatly appreciated. I know there is a php spotify api wrapper on GitHub I could use, but I want to do this myself as a learning project.

spotify error response

Improve this question
4
  • You already have created an app on spotify? I DO NOT see any CLIENT SECRET inside your code Please see: github.com/jwilsson/spotify-web-api-php/blob/master/docs/… Commented Jan 24, 2021 at 8:07
  • Did you solve the problem? I'm in the same situation. Accessing from the navigation bar, Spotify redirects to my page and I can handle the code, but only that way /: Commented Nov 3, 2021 at 3:51
  • Does $redirect_uri match the URI you set for the Redirect URIs in your app? Commented Nov 11, 2021 at 14:44
  • The same here....anyone has solved this problem ?? Commented Dec 27, 2021 at 18:57

1 Answer 1

Reset to default
5

You have to follow a 3 step process.

I managed to get the first step which is outlined above to work by simply building the query out of the data above, and appending that to the authorization url - and adding a link on the page. Like this:

$data = array(
    'client_id'     => $client_id,
    'redirect_uri'  => $redirect_url,
    'scope'         => $scope,
    'response_type' => $response_type,
);

$oauth_url = 'https://accounts.spotify.com/authorize?' . http_build_query( $data );
?>

<a href="<?php echo $oauth_url; ?>">Login</a>

Once the link is clicked, you are returned to the redirect url, where you can get the authorization code from the url, and continue with the authorization flow using curl.

<?php if ( isset( $_GET['code'] ) && ! isset( $_SESSION['spotify_access'] ) ) {

    $data = array(
        'redirect_uri' => $redirect_url,
        'grant_type'   => 'authorization_code',
        'code'         => $_GET['code'],
    );
    $ch            = curl_init();
    curl_setopt( $ch, CURLOPT_URL, 'https://accounts.spotify.com/api/token' );
    curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
    curl_setopt( $ch, CURLOPT_POST, 1 );
    curl_setopt( $ch, CURLOPT_POSTFIELDS, http_build_query( $data ) );
    curl_setopt( $ch, CURLOPT_HTTPHEADER, array( 'Authorization: Basic ' . base64_encode( $client_id . ':' . $client_secret ) ) );

    $result = json_decode( curl_exec( $ch ) );


    curl_close( $ch );

    if ( isset( $result->access_token ) ) {
        header( 'Location: http://localhost:8888/spotify/getprofile.php?access=' . $result->access_token );
    }
}

Finally, you can fetch user data:

<?php if ( isset( $_GET['access'] ) ) {
    $ch = curl_init();
    curl_setopt( $ch, CURLOPT_URL, 'https://api.spotify.com/v1/me' );
    curl_setopt( $ch, CURLOPT_HTTPHEADER, array( 'Content-Type:application/json', 'Authorization: Bearer ' . $_GET['access'] ) );
    curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
    $userprofile = json_decode( curl_exec( $ch ) );
    curl_close( $ch );

    echo '<pre>';
    var_dump( $userprofile );
    echo '</pre>';

    if ( $userprofile->id ) {
        $ch = curl_init();
        curl_setopt( $ch, CURLOPT_URL, 'https://api.spotify.com/v1/users/' . $userprofile->id . '/playlists' );
        curl_setopt( $ch, CURLOPT_HTTPGET, 1 );
        curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
        curl_setopt( $ch, CURLOPT_HTTPHEADER, array( 'Authorization: Bearer ' . $_GET['access'] ) );
        $playlists = json_decode( curl_exec( $ch ) );
        curl_close( $ch );
        echo '<pre>';
        var_dump( $playlists );
        echo '</pre>';
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.