<titledata-react-helmet="true">Authorization Code | SpotifyAPI-NET</title><metadata-react-helmet="true"name="docsearch:version"content="5.1.1"><metadata-react-helmet="true"name="twitter:card"content="summary_large_image"><metadata-react-helmet="true"property="og:title"content="Authorization Code | SpotifyAPI-NET"><metadata-react-helmet="true"name="description"content="This way is not recommended for client-side apps and requires server-side code to run securely."><metadata-react-helmet="true"property="og:description"content="This way is not recommended for client-side apps and requires server-side code to run securely."><metadata-react-helmet="true"property="og:url"content="https://johnnycrazy.github.io/SpotifyAPI-NET//docs/auth/authorization_code"><linkdata-react-helmet="true"rel="shortcut icon"href="/img/favicon.ico"><linkdata-react-helmet="true"rel="canonical"href="https://johnnycrazy.github.io/SpotifyAPI-NET//docs/auth/authorization_code"><linkrel="stylesheet"href="/styles.8a053330.css">
With this approach, you first get a code which you need to trade against the access-token.
In this exchange you need to provide your Client-Secret and because of that it's not recommended.
A good thing about this method: You can always refresh your token, without having the user to auth it again.</p><p>More info: <ahref="https://developer.spotify.com/documentation/general/guides/authorization-guide/#authorization-code-flow"target="_blank"rel="noopener noreferrer">here</a></p><divclass="mdxCodeBlock_iHAB"><divclass="codeBlockContent_32p_"><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_1BYj">Copy</button><divtabindex="0"class="prism-code language-csharp codeBlock_19pQ"><divclass="codeBlockLines_2n9r"style="color:#bfc7d5;background-color:#292d3e"><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">static async void Main(string[] args)</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">{</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> AuthorizationCodeAuth auth = new AuthorizationCodeAuth(</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> _clientId,</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> _secretId,</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">"http://localhost:4002",</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">"http://localhost:4002",</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> Scope.PlaylistReadPrivate | Scope.PlaylistReadCollaborative</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> );</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block">
</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> auth.AuthReceived += async (sender, payload) =></span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> {</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> auth.Stop();</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> Token token = await auth.ExchangeCode(payload.Code);</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> SpotifyWebAPI api = new SpotifyWebAPI()</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> {</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> TokenType = token.TokenType,</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> AccessToken = token.AccessToken</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> };</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> // Do requests with API client</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> };</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> auth.Start(); // Starts an internal HTTP Server</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> auth.OpenBrowser();</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">}</span></div></div></div></div></div><h2><aaria-hidden="true"tabindex="-1"class="anchor enhancedAnchor_ZqCz"id="token-refresh"></a>Token Refresh<aaria-hidden="true"tabindex="-1"class="hash-link"href="#token-refresh"title="Direct link to heading">#</a></h2><p>Once the <code>AccessToken</code> is expired, you can use your <code>RefreshToken</code> to get a new one.
In this procedure, no HTTP Server is needed in the background and a single HTTP Request is made.</p><divclass="mdxCodeBlock_iHAB"><divclass="codeBlockContent_32p_"><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_1BYj">Copy</button><divtabindex="0"class="prism-code language-csharp codeBlock_19pQ"><divclass="codeBlockLines_2n9r"style="color:#bfc7d5;background-color:#292d3e"><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">// Auth code from above</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block">