-
Notifications
You must be signed in to change notification settings - Fork 30
Spotify
Damien edited this page Jun 5, 2016
·
1 revision
let spotify: Provider = .Spotify(
clientID: "***",
clientSecret: "***"
redirectURL: "foo://callback"
){
"access_token": "NgCXRK...MzYjw",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "NgAagA...Um_SHo"
}Scope |
Access permissions sought | Prompt shown to user |
|---|---|---|
| - | If no scope is specified, access is permitted only to publicly available information: that is, only information normally visible to normal logged-in users of the Spotify desktop, web, and mobile clients (e.g. public playlists). | "Read your publicly available information" |
| playlist-read-private | Read access to user's private playlists. | "Access your private playlists" |
| playlist-read-collaborative | Include collaborative playlists when requesting a user's playlists. | "Access your collaborative playlists" |
| playlist-modify-public | Write access to a user's public playlists. | "Manage your public playlists" |
| playlist-modify-private | Write access to a user's private playlists. | "Manage your private playlists" |
| streaming | Control playback of a Spotify track. This scope is currently only available to Spotify native SDKs (for example, the iOS SDK and the Android SDK). The user must have a Spotify Premium account. | "Play music and control playback on your other devices" |
| user-follow-modify | Write/delete access to the list of artists and other users that the user follows. | "Manage who you are following" |
| user-follow-read | Read access to the list of artists and other users that the user follows. | "Access your followers and who you are following" |
| user-library-read | Read access to a user's "Your Music" library. | "Access your saved tracks and albums" |
| user-library-modify | Write/delete access to a user's "Your Music" library. | "Manage your saved tracks and albums" |
| user-read-private | Read access to user’s subscription details (type of user account). | "Access your subscription details" |
| user-read-birthdate | Read access to the user's birthdate. | "Receive your birthdate" |
| user-read-email | Read access to user’s email address. | "Get your real email address" |
| user-top-read | Read access to a user's top artists and tracks | "Read your top artists and tracks" |
| Query parameter |
Value |
|---|---|
| client_id |
Required. The client ID provided to you by Spotify when you register your application. |
| response_type |
Required. Set it to code. |
| redirect_uri |
Required. The URI to redirect to after the user grants/denies permission. This URI needs to have been entered in the Redirect URI whitelist that you specified when you registered your application. The value of redirect_uri here must exactly match one of the values you entered when you registered your application, including upper/lowercase, terminating slashes, etc. |
| state |
Optional, but strongly recommended. The state can be useful for correlating requests and responses. Because your redirect_uri can be guessed, using a state value can increase your assurance that an incoming connection is the result of an authentication request. If you generate a random string or encode the hash of some client state (e.g., a cookie) in this state variable, you can validate the response to additionally ensure that the request and response originated in the same browser. This provides protection against attacks such as cross-site request forgery. See RFC-6749. |
| scope |
Optional. A space-separated list of scopes: see Using Scopes. If no scopes are specified, authorization will be granted only to access publicly available information: that is, only information normally visible in the Spotify desktop, web and mobile players. |
| show_dialog |
Optional. Whether or not to force the user to approve the app again if they’ve already done so. If false (default), a user who has already approved the application may be automatically redirected to the URI specified by redirect_uri. If true, the user will not be automatically redirected and will have to approve the app again. |
| Request body parameter |
Value |
|---|---|
| grant_type |
Required. As defined in the OAuth 2.0 specification, this field must contain the value "authorization_code". |
| code |
Required. The authorization code returned from the initial request to the Account's /authorize endpoint. |
| redirect_uri |
Required. This parameter is used for validation only (there is no actual redirection). The value of this parameter must exactly match the value of redirect_uri supplied when requesting the authorization code. |