Spotify.NET/docs/next/pkce/index.html

<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width">
<meta name="generator" content="Docusaurus v2.0.0-alpha.56">
<title data-react-helmet="true">PKCE | SpotifyAPI-NET</title><meta data-react-helmet="true" name="docsearch:version" content="next"><meta data-react-helmet="true" name="twitter:card" content="summary_large_image"><meta data-react-helmet="true" property="og:title" content="PKCE | SpotifyAPI-NET"><meta data-react-helmet="true" name="description" content="The authorization code flow with PKCE is the best option for mobile and desktop applications where it is unsafe to store your client secret. It provides your app with an access token that can be refreshed. For further information about this flow, see IETF RFC-7636."><meta data-react-helmet="true" property="og:description" content="The authorization code flow with PKCE is the best option for mobile and desktop applications where it is unsafe to store your client secret. It provides your app with an access token that can be refreshed. For further information about this flow, see IETF RFC-7636."><meta data-react-helmet="true" property="og:url" content="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/next/pkce"><link data-react-helmet="true" rel="shortcut icon" href="/SpotifyAPI-NET/img/favicon.ico"><link data-react-helmet="true" rel="canonical" href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/next/pkce"><link rel="stylesheet" href="/SpotifyAPI-NET/styles.8a053330.css">
<link rel="preload" href="/SpotifyAPI-NET/styles.20e5fb07.js" as="script">
<link rel="preload" href="/SpotifyAPI-NET/runtime~main.9ece3c81.js" as="script">
<link rel="preload" href="/SpotifyAPI-NET/main.b4c50bf9.js" as="script">
<link rel="preload" href="/SpotifyAPI-NET/1.d763968b.js" as="script">
<link rel="preload" href="/SpotifyAPI-NET/2.c001a4a7.js" as="script">
<link rel="preload" href="/SpotifyAPI-NET/3.c31fd0fb.js" as="script">
<link rel="preload" href="/SpotifyAPI-NET/1be78505.6d7d8bd2.js" as="script">
<link rel="preload" href="/SpotifyAPI-NET/ad407b76.90023bdf.js" as="script">
<link rel="preload" href="/SpotifyAPI-NET/e3c15a47.d6038ea5.js" as="script">
</head>
<body>
<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=window.matchMedia("(prefers-color-scheme: dark)"),n=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();null!==n?t(n):e.matches&&t("dark")}()</script><div id="__docusaurus">
<nav class="navbar navbar--light navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><div aria-label="Navigation bar toggle" class="navbar__toggle" role="button" tabindex="0"><svg xmlns="http://www.w3.org/2000/svg" width="30" height="30" viewBox="0 0 30 30" role="img" focusable="false"><title>Menu</title><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></div><a class="navbar__brand" href="/SpotifyAPI-NET/"><img class="navbar__logo" src="/SpotifyAPI-NET/img/logo.svg" alt="SpotifyAPI-NET"><strong class="navbar__title">SpotifyAPI-NET</strong></a><div class="navbar__item dropdown dropdown--hoverable dropdown--left"><a activeclassname="navbar__link--active" class="navbar__item navbar__link">Docs</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/SpotifyAPI-NET/docs/next/introduction">Latest/Next</a></li><li><a class="dropdown__link" href="/SpotifyAPI-NET/docs/home">5.1.1</a></li></ul></div><a class="navbar__item navbar__link" href="/SpotifyAPI-NET/news">News</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/JohnnyCrazy/SpotifyAPI-NET" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub</a><div class="react-toggle react-toggle--disabled displayOnlyInLargeViewport_1gtM"><div class="react-toggle-track"><div class="react-toggle-track-check"><span class="toggle_keGJ moon_1gwN"></span></div><div class="react-toggle-track-x"><span class="toggle_keGJ sun_3CPA"></span></div></div><div class="react-toggle-thumb"></div><input type="checkbox" disabled="" aria-label="Dark mode toggle" class="react-toggle-screenreader-only"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div><div class="navbar-sidebar"><div class="navbar-sidebar__brand"><a class="navbar__brand" href="/SpotifyAPI-NET/"><img class="navbar__logo" src="/SpotifyAPI-NET/img/logo.svg" alt="SpotifyAPI-NET"><strong class="navbar__title">SpotifyAPI-NET</strong></a></div><div class="navbar-sidebar__items"><div class="menu"><ul class="menu__list"><li class="menu__list-item"><a activeclassname="navbar__link--active" class="menu__link menu__link--sublist">Docs</a><ul class="menu__list"><li class="menu__list-item"><a class="menu__link" href="/SpotifyAPI-NET/docs/next/introduction">Latest/Next</a></li><li class="menu__list-item"><a class="menu__link" href="/SpotifyAPI-NET/docs/home">5.1.1</a></li></ul></li><li class="menu__list-item"><a class="menu__link" href="/SpotifyAPI-NET/news">News</a></li><li class="menu__list-item"><a href="https://github.com/JohnnyCrazy/SpotifyAPI-NET" target="_blank" rel="noopener noreferrer" class="menu__link">GitHub</a></li></ul></div></div></div></nav><div class="main-wrapper"><div class="docPage_1kjD"><div class="docSidebarContainer_1cYp"><div class="sidebar_1kLs"><div class="menu menu--responsive menu_w2sC"><button aria-label="Open Menu" aria-haspopup="true" class="button button--secondary button--sm menu__button" type="button"><svg aria-label="Menu" class="sidebarMenuIcon_2vk4" xmlns="http://www.w3.org/2000/svg" height="24" width="24" viewBox="0 0 32 32" role="img" focusable="false"><title>Menu</title><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><ul class="menu__list"><li class="menu__list-item"><a class="menu__link menu__link--sublist menu__link--active" href="#!">SpotifyAPI-NET</a><ul class="menu__list"><li class="menu__list-item"><a class="menu__link" tabindex="0" href="/SpotifyAPI-NET/docs/next/introduction">Introduction</a></li><li class="menu__list-item"><a class="menu__link" tabindex="0" href="/SpotifyAPI-NET/docs/next/getting_started">Getting Started</a></li><li class="menu__list-item menu__list-item--collapsed"><a class="menu__link menu__link--sublist" href="#!" tabindex="0">Guides</a><ul class="menu__list"><li class="menu__list-item"><a class="menu__link" tabindex="-1" href="/SpotifyAPI-NET/docs/next/error_handling">Error Handling</a></li>
</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">// Generates a secure random verifier of length 120 and its challenge</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">var (verifier, challenge) = PKCEUtil.GenerateCodes(120);</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block">
</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">// Returns the passed string and its challenge (Make sure it&#x27;s random and long enough)</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">var (verifier, challenge) = PKCEUtil.GenerateCodes(&quot;YourSecureRandomString&quot;);</span></div></div></div></div></div><h2><a aria-hidden="true" tabindex="-1" class="anchor enhancedAnchor_ZqCz" id="generating-login-uri"></a>Generating Login URI<a aria-hidden="true" tabindex="-1" class="hash-link" href="#generating-login-uri" title="Direct link to heading">#</a></h2><p>Like most auth flows, you&#x27;ll need to redirect your user to Spotify&#x27;s servers so they are able to grant access to your application:</p><div class="mdxCodeBlock_iHAB"><div class="codeBlockContent_32p_"><button type="button" aria-label="Copy code to clipboard" class="copyButton_1BYj">Copy</button><div tabindex="0" class="prism-code language-csharp codeBlock_19pQ"><div class="codeBlockLines_2n9r" style="color:#bfc7d5;background-color:#292d3e"><div class="token-line" style="color:#bfc7d5"><span class="token plain">// Make sure &quot;http://localhost:5000/callback&quot; is in your applications redirect URIs!</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">var loginRequest = new LoginRequest(</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">  new Uri(&quot;http://localhost:5000/callback&quot;),</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">  &quot;YourClientId&quot;,</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">  LoginRequest.ResponseType.Code</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">)</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">{</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">  CodeChallengeMethod = &quot;S256&quot;,</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">  CodeChallenge = challenge,</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">  Scope = new[] { Scopes.PlaylistReadPrivate, Scopes.PlaylistReadCollaborative }</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">};</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">var uri = loginRequest.ToUri();</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">// Redirect user to uri via your favorite web-server or open a local browser window</span></div></div></div></div></div><p>When the user is redirected to the generated uri, they will have to login with their Spotify account and confirm that your application wants to access their user data. Once confirmed, they will be redirected to <code>http://localhost:5000/callback</code> and a <code>code</code> parameter is attached to the query. The redirect URI can also contain a custom protocol paired with UWP App Custom Protocol handler. This received <code>code</code> has to be exchanged for an <code>access_token</code> and <code>refresh_token</code>:</p><div class="mdxCodeBlock_iHAB"><div class="codeBlockContent_32p_"><button type="button" aria-label="Copy code to clipboard" class="copyButton_1BYj">Copy</button><div tabindex="0" class="prism-code language-csharp codeBlock_19pQ"><div class="codeBlockLines_2n9r" style="color:#bfc7d5;background-color:#292d3e"><div class="token-line" style="color:#bfc7d5"><span class="token plain">// This method should be called from your web-server when the user visits &quot;http://localhost:5000/callback&quot;</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">public Task GetCallback(string code)</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">{</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">  // Note that we use the verifier calcula
</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">  var spotify = new SpotifyClient(initialResponse.AccessToken);</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">  // Also important for later: response.RefreshToken</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">}</span></div></div></div></div></div><p>With PKCE you can also refresh tokens once they&#x27;re expired:</p><div class="mdxCodeBlock_iHAB"><div class="codeBlockContent_32p_"><button type="button" aria-label="Copy code to clipboard" class="copyButton_1BYj">Copy</button><div tabindex="0" class="prism-code language-csharp codeBlock_19pQ"><div class="codeBlockLines_2n9r" style="color:#bfc7d5;background-color:#292d3e"><div class="token-line" style="color:#bfc7d5"><span class="token plain">var newResponse = await new OAuthClient().RequestToken(</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">  new PKCETokenRefreshRequest(&quot;ClientId&quot;, initialResponse.RefreshToken)</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">);</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block">
</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">var spotify = new SpotifyClient(newResponse.AccessToken);</span></div></div></div></div></div><p>If you do not want to take care of manually refreshing tokens, you can use <code>PKCEAuthenticator</code>:</p><div class="mdxCodeBlock_iHAB"><div class="codeBlockContent_32p_"><button type="button" aria-label="Copy code to clipboard" class="copyButton_1BYj">Copy</button><div tabindex="0" class="prism-code language-csharp codeBlock_19pQ"><div class="codeBlockLines_2n9r" style="color:#bfc7d5;background-color:#292d3e"><div class="token-line" style="color:#bfc7d5"><span class="token plain">var authenticator = new PKCEAuthenticator(clientId, initialResponse);</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block">
</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">var config = SpotifyClientConfig.CreateDefault()</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">  .WithAuthenticator(authenticator);</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">var spotify = new SpotifyClient(config);</span></div></div></div></div></div></div></article><div class="margin-vert--xl"><div class="row"><div class="col"><a href="https://github.com/JohnnyCrazy/SpotifyAPI-NET/edit/master/SpotifyAPI.Docs/docs/pkce.md" target="_blank" rel="noreferrer noopener"><svg fill="currentColor" height="1.2em" width="1.2em" preserveAspectRatio="xMidYMid meet" viewBox="0 0 40 40" style="margin-right:0.3em;vertical-align:sub"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col text--right"><em><small>Last updated on <time datetime="2021-01-11T08:13:10.000Z" class="docLastUpdatedAt_1sqk">1/11/2021</time> by <strong>dependabot[bot]</strong></small></em></div></div></div><div class="margin-vert--lg"><nav class="pagination-nav"><div class="pagination-nav__item"><a class="pagination-nav__link" href="/SpotifyAPI-NET/docs/next/authorization_code"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">« Authorization Code</div></a></div><div class="pagination-nav__item pagination-nav__item--next"><a class="pagination-nav__link" href="/SpotifyAPI-NET/docs/next/token_swap"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Token Swap »</div></a></div></nav></div></div></div><div class="col col--3"><div class="tableOfContents_TbNY"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#generating-challenge--verifier" class="table-of-contents__link">Generating Challenge &amp; Verifier</a></li><li><a href="#generating-login-uri" class="table-of-contents__link">Generating Login URI</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container"><div class="text--center"><div>Copyright © 2021 Jonas Dellinger. Built with Docusaurus.</div></div></div></footer></div>
<script src="/SpotifyAPI-NET/styles.20e5fb07.js"></script>
<script src="/SpotifyAPI-NET/runtime~main.9ece3c81.js"></script>
<script src="/SpotifyAPI-NET/main.b4c50bf9.js"></script>
<script src="/SpotifyAPI-NET/1.d763968b.js"></script>
<script src="/SpotifyAPI-NET/2.c001a4a7.js"></script>
<script src="/SpotifyAPI-NET/3.c31fd0fb.js"></script>
<script src="/SpotifyAPI-NET/1be78505.6d7d8bd2.js"></script>
<script src="/SpotifyAPI-NET/ad407b76.90023bdf.js"></script>
<script src="/SpotifyAPI-NET/e3c15a47.d6038ea5.js"></script>
</body>
</html>