<titledata-react-helmet="true">Authorization Code | SpotifyAPI-NET</title><metadata-react-helmet="true"property="og:url"content="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/authorization_code"><metadata-react-helmet="true"name="docusaurus_locale"content="en"><metadata-react-helmet="true"name="docusaurus_version"content="current"><metadata-react-helmet="true"name="docusaurus_tag"content="docs-default-current"><metadata-react-helmet="true"property="og:title"content="Authorization Code | SpotifyAPI-NET"><metadata-react-helmet="true"name="description"content="This flow is suitable for long-running applications in which the user grants permission only once. It provides an access token that can be refreshed. Since the token exchange involves sending your secret key, perform this on a secure location, like a backend service, and not from a client such as a browser or from a mobile app."><metadata-react-helmet="true"property="og:description"content="This flow is suitable for long-running applications in which the user grants permission only once. It provides an access token that can be refreshed. Since the token exchange involves sending your secret key, perform this on a secure location, like a backend service, and not from a client such as a browser or from a mobile app."><linkdata-react-helmet="true"rel="shortcut icon"href="/SpotifyAPI-NET/img/favicon.ico"><linkdata-react-helmet="true"rel="canonical"href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/authorization_code"><linkdata-react-helmet="true"rel="alternate"href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/authorization_code"hreflang="en"><linkdata-react-helmet="true"rel="alternate"href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/authorization_code"hreflang="x-default"><linkrel="stylesheet"href="/SpotifyAPI-NET/assets/css/styles.834af7f3.css">
</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> var spotify = new SpotifyClient(response.AccessToken);</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> // Also important for later: response.RefreshToken</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">}</span></span></code></pre><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_Ue-o clean-btn">Copy</button></div></div><p>If the token expires at some point (check via <code>response.IsExpired</code>), you can refresh it:</p><divclass="codeBlockContainer_K1bP"><divclass="codeBlockContent_hGly csharp"><pretabindex="0"class="prism-code language-csharp codeBlock_23N8 thin-scrollbar"style="color:#bfc7d5;background-color:#292d3e"><codeclass="codeBlockLines_39YC"><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var newResponse = await new OAuthClient().RequestToken(</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> new AuthorizationCodeRefreshRequest("ClientId", "ClientSecret", response.RefreshToken)</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">);</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block">
</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var spotify = new SpotifyClient(newResponse.AccessToken);</span></span></code></pre><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_Ue-o clean-btn">Copy</button></div></div><p>You can also let the <code>AuthorizationCodeAuthenticator</code> take care of the refresh part:</p><divclass="codeBlockContainer_K1bP"><divclass="codeBlockContent_hGly csharp"><pretabindex="0"class="prism-code language-csharp codeBlock_23N8 thin-scrollbar"style="color:#bfc7d5;background-color:#292d3e"><codeclass="codeBlockLines_39YC"><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var response = await new OAuthClient().RequestToken(</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> new AuthorizationCodeTokenRequest("ClientId", "ClientSecret", code, "http://localhost:5000")</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">);</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var config = SpotifyClientConfig</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> .CreateDefault()</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> .WithAuthenticator(new AuthorizationCodeAuthenticator("ClientId", "ClientSecret", response));</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block">
</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var spotify = new SpotifyClient(config);</span></span></code></pre><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_Ue-o clean-btn">Copy</button></div></div><p>For a real example, have a look at <ahref="https://github.com/JohnnyCrazy/SpotifyAPI-NET/tree/master/SpotifyAPI.Web.Examples/Example.ASP"target="_blank"rel="noopener noreferrer">Example.ASP</a>. This also uses the great package <code>AspNet.Security.OAuth.Spotify</code> which takes care of the OAuth flow inside of <code>ASP.NET</code>.</p><h2><aaria-hidden="true"tabindex="-1"class="anchor enhancedAnchor_2LWZ"id="using-spotifywebauth"></a>Using Spotify.Web.Auth<aclass="hash-link"href="#using-spotifywebauth"title="Direct link to heading">#</a></h2><p>For cross-platform CLI and desktop apps (non <code>UWP</code> apps), <code>Spotify.Web.Auth</code> can be used to supply a small embedded Web Server for the code retrieval.</p><divclass="admonition admonition-warning alert alert--danger"><divclass="admonition-heading"><h5><spanclass="admonition-icon"><svgxmlns="http://www.w3.org/2000/svg"width="12"height="16"viewBox="0 0 12 16"><pathfill-rule="evenodd"d="M5.05.31c.81 2.17.41 3.38-.52 4.31C3.55 5.67 1.98 6.45.9 7.98c-1.45 2.05-1.7 6.53 3.53 7.7-2.2-1.16-2.67-4.52-.3-6.61-.61 2.03.53 3.33 1.94 2.86 1.39-.47 2.3.53 2.27 1.67-.02.78-.31 1.44-1.13 1.81 3.42-.59 4.78-3.42 4.78-5.56 0-2.84-2.53-3.22-1.25-5.61-1.52.13-2.03 1.13-1.89 2.75.09 1.08-1.02 1.8-1.86 1.33-.67-.41-.66-1.19-.06-1.78C8.18 5.31 8.68 2.45 5.05.32L5.03.3l.02.01z"></path></svg></span>warning</h5></div><divclass="admonition-content"><p>Your client secret will be exposed when embedded in a desktop/CLI app. This can be abused and is not prefered. If possible, let the user create an application in the Spotify dashboard or let a server handle the Spotify communication.</p></div></div><divclass="codeBlockContainer_K1bP"><divclass="codeBlockContent_hGly csharp"><pretabindex="0"class="prism-code language-csharp codeBlock_23N8 thin-scrollbar"style="color:#bfc7d5;background-color:#292d3e"><codeclass="codeBlockLines_39YC"><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">private static EmbedIOAuthServer _server;</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block">
</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">public static async Task Main()</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">{</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> // Make sure "http://localhost:5000/callback" is in your spotify application as redirect uri!</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> _server = new EmbedIOAuthServer(new Uri("http://localhost:5000/callback"), 5000);</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> await _server.Start();</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block">
</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> var config = SpotifyClientConfig.CreateDefault();</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> var tokenResponse = await new OAuthClient(config).RequestToken(</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> new AuthorizationCodeTokenRequest(</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">"ClientId", "ClientSecret", response.Code, new Uri("http://localhost:5000/callback")</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> )</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> );</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block">
</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> var spotify = new SpotifyClient(tokenResponse.AccessToken);</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> // do calls with Spotify and save token?</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">}</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block">