Spotify.NET/SpotifyAPI.Docs/docs/auth/authorization_code.md

---
sidebar: false
---

# AutorizationCodeAuth

This way is **not recommended** for client-side apps and requires server-side code to run securely.
With this approach, you first get a code which you need to trade against the access-token.
In this exchange you need to provide your Client-Secret and because of that it's not recommended.
A good thing about this method: You can always refresh your token, without having the user to auth it again.

More info: [here](https://developer.spotify.com/documentation/general/guides/authorization-guide/#authorization-code-flow)

```csharp
static async void Main(string[] args)
{
    AuthorizationCodeAuth auth = new AuthorizationCodeAuth(
      _clientId,
      _secretId,
      "http://localhost:4002",
      "http://localhost:4002",
      Scope.PlaylistReadPrivate | Scope.PlaylistReadCollaborative
    );

    auth.AuthReceived += async (sender, payload) =>
    {
        auth.Stop();
        Token token = await auth.ExchangeCode(payload.Code);
        SpotifyWebAPI api = new SpotifyWebAPI()
        {
          TokenType = token.TokenType,
          AccessToken = token.AccessToken
        };
        // Do requests with API client
    };
    auth.Start(); // Starts an internal HTTP Server
    auth.OpenBrowser();
}
```

## Token Refresh

Once the `AccessToken` is expired, you can use your `RefreshToken` to get a new one. 
In this procedure, no HTTP Server is needed in the background and a single HTTP Request is made.

```csharp
// Auth code from above

if(token.IsExpired())
{
  Token newToken = await auth.RefreshToken(token.RefreshToken);
  api.AccessToken = newToken.AccessToken
  api.TokenType = newToken.TokenType
}
```
Switched docs from mkdocs to vuepress 2019-08-16 23:40:04 +01:00			`---`
			`sidebar: false`
			`---`

			`# AutorizationCodeAuth`

			`This way is not recommended for client-side apps and requires server-side code to run securely.`
			`With this approach, you first get a code which you need to trade against the access-token.`
			`In this exchange you need to provide your Client-Secret and because of that it's not recommended.`
			`A good thing about this method: You can always refresh your token, without having the user to auth it again.`

			`More info: [here](https://developer.spotify.com/documentation/general/guides/authorization-guide/#authorization-code-flow)`

			```csharp
			`static async void Main(string[] args)`
			`{`
			`AuthorizationCodeAuth auth = new AuthorizationCodeAuth(`
			`_clientId,`
			`_secretId,`
			`"http://localhost:4002",`
			`"http://localhost:4002",`
			`Scope.PlaylistReadPrivate \| Scope.PlaylistReadCollaborative`
			`);`

			`auth.AuthReceived += async (sender, payload) =>`
			`{`
			`auth.Stop();`
			`Token token = await auth.ExchangeCode(payload.Code);`
			`SpotifyWebAPI api = new SpotifyWebAPI()`
			`{`
			`TokenType = token.TokenType,`
			`AccessToken = token.AccessToken`
			`};`
			`// Do requests with API client`
			`};`
			`auth.Start(); // Starts an internal HTTP Server`
			`auth.OpenBrowser();`
			`}`
			```
Updated docs regarding Refresh of Tokens and fixed dead links 2019-11-11 16:01:23 +00:00
			`## Token Refresh`

			Once the `AccessToken` is expired, you can use your `RefreshToken` to get a new one.
			`In this procedure, no HTTP Server is needed in the background and a single HTTP Request is made.`

			```csharp
			`// Auth code from above`

			`if(token.IsExpired())`
			`{`
			`Token newToken = await auth.RefreshToken(token.RefreshToken);`
			`api.AccessToken = newToken.AccessToken`
			`api.TokenType = newToken.TokenType`
			`}`
			```