Spotify.NET/SpotifyAPI.Docs/versioned_docs/version-5.1.1/auth/authorization_code.md

55 lines
1.6 KiB
Markdown
Raw Permalink Normal View History

2019-08-16 23:40:04 +01:00
---
2020-05-13 17:25:42 +01:00
id: authorization_code
title: Authorization Code
2019-08-16 23:40:04 +01:00
---
This way is **not recommended** for client-side apps and requires server-side code to run securely.
With this approach, you first get a code which you need to trade against the access-token.
In this exchange you need to provide your Client-Secret and because of that it's not recommended.
A good thing about this method: You can always refresh your token, without having the user to auth it again.
More info: [here](https://developer.spotify.com/documentation/general/guides/authorization-guide/#authorization-code-flow)
```csharp
static async void Main(string[] args)
{
AuthorizationCodeAuth auth = new AuthorizationCodeAuth(
_clientId,
_secretId,
"http://localhost:4002",
"http://localhost:4002",
Scope.PlaylistReadPrivate | Scope.PlaylistReadCollaborative
);
auth.AuthReceived += async (sender, payload) =>
{
auth.Stop();
Token token = await auth.ExchangeCode(payload.Code);
SpotifyWebAPI api = new SpotifyWebAPI()
{
TokenType = token.TokenType,
AccessToken = token.AccessToken
};
// Do requests with API client
};
auth.Start(); // Starts an internal HTTP Server
auth.OpenBrowser();
}
```
## Token Refresh
2020-05-13 17:25:42 +01:00
Once the `AccessToken` is expired, you can use your `RefreshToken` to get a new one.
In this procedure, no HTTP Server is needed in the background and a single HTTP Request is made.
```csharp
// Auth code from above
if(token.IsExpired())
{
Token newToken = await auth.RefreshToken(token.RefreshToken);
api.AccessToken = newToken.AccessToken
api.TokenType = newToken.TokenType
}
2020-05-13 17:25:42 +01:00
```