2015-07-09 11:48:09 +01:00
<!DOCTYPE html>
< html lang = "en" >
< head >
< meta charset = "utf-8" >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" >
< meta name = "viewport" content = "width=device-width, initial-scale=1.0" >
< meta name = "author" content = "JohnnyCrazy" >
< link rel = "shortcut icon" href = "../../img/favicon.ico" >
< title > Authentication - SpotifyAPI-NET< / title >
< link href = "../../css/bootstrap-custom.min.css" rel = "stylesheet" >
< link href = "../../css/font-awesome-4.0.3.css" rel = "stylesheet" >
< link href = "../../css/prettify-1.0.css" rel = "stylesheet" >
< link href = "../../css/base.css" rel = "stylesheet" >
< link rel = "stylesheet" href = "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/8.6/styles/agate.min.css" >
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- [if lt IE 9]>
< script src = "https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js" > < / script >
< script src = "https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js" > < / script >
<![endif]-->
< / head >
< body >
< div class = "navbar navbar-default navbar-fixed-top" role = "navigation" >
< div class = "container" >
<!-- Collapsed navigation -->
< div class = "navbar-header" >
<!-- Expander button -->
< button type = "button" class = "navbar-toggle" data-toggle = "collapse" data-target = ".navbar-collapse" >
< span class = "sr-only" > Toggle navigation< / span >
< span class = "icon-bar" > < / span >
< span class = "icon-bar" > < / span >
< span class = "icon-bar" > < / span >
< / button >
<!-- Main title -->
< a class = "navbar-brand" href = "../.." > SpotifyAPI-NET< / a >
< / div >
<!-- Expanded navigation -->
< div class = "navbar-collapse collapse" >
<!-- Main navigation -->
< ul class = "nav navbar-nav" >
< li >
< a href = "../.." > Home< / a >
< / li >
< li class = "dropdown active" >
2015-07-26 15:22:35 +01:00
< a href = "#" class = "dropdown-toggle" data-toggle = "dropdown" > SpotifyWebAPI < b class = "caret" > < / b > < / a >
2015-07-09 11:48:09 +01:00
< ul class = "dropdown-menu" >
< li >
< a href = "../gettingstarted/" > Getting started< / a >
< / li >
< li >
< a href = "../examples/" > Examples< / a >
< / li >
< li class = "active" >
< a href = "./" > Authentication< / a >
< / li >
< li >
< a href = "../albums/" > - Albums< / a >
< / li >
< li >
< a href = "../artists/" > - Artists< / a >
< / li >
2015-07-23 20:44:05 +01:00
< li >
< a href = "../browse/" > - Browse< / a >
< / li >
< li >
< a href = "../follow/" > - Follow< / a >
< / li >
< li >
< a href = "../library/" > - Library< / a >
< / li >
< li >
< a href = "../playlists/" > - Playlists< / a >
< / li >
2015-07-26 15:22:35 +01:00
< li >
< a href = "../profiles/" > - Profiles< / a >
< / li >
< li >
< a href = "../search/" > - Search< / a >
< / li >
< li >
< a href = "../tracks/" > - Tracks< / a >
< / li >
2015-11-07 19:45:15 +00:00
< li >
< a href = "../util/" > - Util< / a >
< / li >
2015-07-09 11:48:09 +01:00
< / ul >
< / li >
< li class = "dropdown" >
2015-07-26 15:22:35 +01:00
< a href = "#" class = "dropdown-toggle" data-toggle = "dropdown" > SpotifyLocalAPI < b class = "caret" > < / b > < / a >
2015-07-09 11:48:09 +01:00
< ul class = "dropdown-menu" >
< li >
2016-08-25 23:59:32 +01:00
< a href = "../../SpotifyLocalAPI/" > Getting started< / a >
2015-07-09 11:48:09 +01:00
< / li >
< / ul >
< / li >
< / ul >
<!-- Search, Navigation and Repo links -->
< ul class = "nav navbar-nav navbar-right" >
< li >
< a rel = "next" href = "../examples/" >
< i class = "fa fa-arrow-left" > < / i > Previous
< / a >
< / li >
< li >
2015-07-26 15:22:35 +01:00
< a rel = "prev" href = "../albums/" >
2015-07-09 11:48:09 +01:00
Next < i class = "fa fa-arrow-right" > < / i >
< / a >
< / li >
< li >
< a href = "https://github.com/JohnnyCrazy/SpotifyAPI-NET" >
< i class = "fa fa-github" > < / i >
GitHub
< / a >
< / li >
< / ul >
< / div >
< / div >
< / div >
< div class = "container" >
< div class = "col-md-3" > < div class = "bs-sidebar hidden-print affix well" role = "complementary" style = "height=90%;" >
< ul class = "nav bs-sidenav" >
< li class = "main active" > < a href = "#auth-methods" > Auth-Methods< / a > < / li >
< li > < a href = "#implicitgrantauth" > ImplicitGrantAuth< / a > < / li >
< li > < a href = "#autorizationcodeauth" > AutorizationCodeAuth< / a > < / li >
< li > < a href = "#clientcredentialsauth" > ClientCredentialsAuth< / a > < / li >
2015-07-26 15:22:35 +01:00
< li class = "main " > < a href = "#scopes" > Scopes< / a > < / li >
2015-07-09 11:48:09 +01:00
< / ul >
< / div > < / div >
< div class = "col-md-9" role = "main" >
< h1 id = "auth-methods" > Auth-Methods< / h1 >
< p > Before you can use the Web API full functional, you need the user to authenticate your Application.< br / >
If you want to know more, you can read to the whole auth-process < a href = "https://developer.spotify.com/web-api/authorization-guide/" > here< / a > .< / p >
< p > Before you start, you need to create a Application at Spotify: < a href = "https://developer.spotify.com/my-applications/#!/applications" > Your Applications< / a > < / p >
< hr / >
< p > After you created your Application, you will have following important values: < / p >
< blockquote >
< p > < strong > Client_Id< / strong > This is your client_id, you don't have to hide it< br / >
< strong > Client_Secret< / strong > Never use this in one of your client-side apps!! Keep it secret!< br / >
< strong > Redirect URIs< / strong > Add "http://localhost", if you want full support for this API < / p >
< / blockquote >
< p > Now you can start with the User-authentication, Spotify provides 3 ways:< / p >
< ul >
< li >
2015-07-26 15:25:44 +01:00
< p > < a href = "../../SpotifyWebAPI/auth#implicitgrantauth" > ImplicitGrantAuth< / a > (< strong > Recommended< / strong > , no server-side code needed) < / p >
2015-07-09 11:48:09 +01:00
< / li >
< li >
2015-07-26 15:25:44 +01:00
< p > < a href = "../../SpotifyWebAPI/auth#autorizationcodeauth" > AutorizationCodeAuth< / a > (Not Recommended, Server-side code needed, else it's unsecure)< / p >
2015-07-09 11:48:09 +01:00
< / li >
< li >
2015-07-26 15:25:44 +01:00
< p > < a href = "../../SpotifyWebAPI/auth#clientcredentialsauth" > ClientCredentialsAuth< / a > (Not Recommended, Server-side code needed, else it's unsecure) < / p >
2015-07-09 11:48:09 +01:00
< / li >
< / ul >
2015-07-23 20:44:05 +01:00
< p > < strong > Note:< / strong > I would recommend a little PHP Script, which will exchange the Keys using AutorizationCodeAuth.
2015-07-09 11:48:09 +01:00
When using ImplicitGrantAuth, another user could abuse the "localhost" RedirectUri by creating a "fake"-app which uses your ClientId.< / p >
< p > Overview:
< img alt = "Overview" src = "http://i.imgur.com/uf3ahTl.png" / > < / p >
< p > After implementing one of the provided auth-methods, you can start doing requests with the token you get from one of the auth-methods< / p >
< h2 id = "implicitgrantauth" > ImplicitGrantAuth< / h2 >
< p > This way is < strong > recommended< / strong > and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application.
You won't be able to refresh the token. If you want to use the internal Http server, please add "http://localhost" to your application redirects.< / p >
< p > More info: < a href = "https://developer.spotify.com/web-api/authorization-guide/#implicit_grant_flow" > here< / a > < / p >
2016-07-31 15:51:58 +01:00
< p > For this kind of authentication, there is also a < code > WebAPIFactory< / code > , it's easier to use and uses an async method:< / p >
< pre > < code > static async void Main(string[] args)
{
WebAPIFactory webApiFactory = new WebAPIFactory(
" http://localhost" ,
8000,
" XXXXXXXXXXXXXXXX" ,
Scope.UserReadPrivate,
TimeSpan.FromSeconds(20)
);
try
{
//This will open the user's browser and returns once
//the user is authorized.
_spotify = await webApiFactory.GetWebApi();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
if (_spotify == null)
return;
}
< / code > < / pre >
< p > The old way:< / p >
2015-07-23 20:44:05 +01:00
< pre > < code > static ImplicitGrantAuth auth;
2015-07-09 11:48:09 +01:00
static void Main(string[] args)
{
//Create the auth object
auth = new ImplicitGrantAuth()
{
//Your client Id
ClientId = " XXXXXXXXXXXXXXXX" ,
//Set this to localhost if you want to use the built-in HTTP Server
RedirectUri = " http://localhost" ,
//How many permissions we need?
Scope = Scope.USER_READ_PRIVATE,
};
//Start the internal http server
auth.StartHttpServer();
//When we got our response
auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;
//Start
auth.DoAuth();
}
static void auth_OnResponseReceivedEvent(Token token, string state, string error)
{
//stop the http server
auth.StopHttpServer();
var spotify = new SpotifyWebApiClass()
{
TokenType = token.TokenType,
AccessToken = token.AccessToken
};
//We can now make calls with the token object
}
< / code > < / pre >
< h2 id = "autorizationcodeauth" > AutorizationCodeAuth< / h2 >
< p > This way is < strong > not recommended< / strong > and requires server-side code to run securely.< br / >
With this approach, you first get a code which you need to trade against the access-token.< br / >
In this exchange you need to provide your Client-Secret and because of that it's not recommended.< br / >
(But you can e.g exchange to codes via a PHP Script)< br / >
A good thing about this method: You can always refresh your token, without having the user to auth it again< / p >
< p > More info: < a href = "https://developer.spotify.com/web-api/authorization-guide/#authorization_code_flow" > here< / a > < / p >
2015-07-23 20:44:05 +01:00
< pre > < code > static AutorizationCodeAuth auth;
2015-07-09 11:48:09 +01:00
static void Main(string[] args)
{
//Create the auth object
auth = new AutorizationCodeAuth()
{
//Your client Id
ClientId = " XXXXXXXXXXXXXXX" ,
//Set this to localhost if you want to use the built-in HTTP Server
RedirectUri = " http://localhost" ,
//How many permissions we need?
Scope = Scope.USER_READ_PRIVATE,
};
//This will be called, if the user cancled/accept the auth-request
auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;
//a local HTTP Server will be started (Needed for the response)
auth.StartHttpServer();
//This will open the spotify auth-page. The user can decline/accept the request
auth.DoAuth();
Thread.Sleep(60000);
auth.StopHttpServer();
Console.WriteLine(" Too long, didnt respond, exiting now..." );
}
private static void auth_OnResponseReceivedEvent(AutorizationCodeAuthResponse response)
{
//Stop the HTTP Server, done.
auth.StopHttpServer();
//NEVER DO THIS! You would need to provide the ClientSecret.
//You would need to do it e.g via a PHP-Script.
Token token = auth.ExchangeAuthCode(response.Code, " XXXXXXXXXXX" );
var spotify = new SpotifyWebApiClass()
{
TokenType = token.TokenType,
AccessToken = token.AccessToken
};
//With the token object, you can now make API calls
}
< / code > < / pre >
< h2 id = "clientcredentialsauth" > ClientCredentialsAuth< / h2 >
< p > This way is < strong > not recommended< / strong > and requires server-side code to run securely.< br / >
With this approach, you make a POST Request with a base64 encoded string (consists of ClientId + ClientSecret). You will directly get the token (Without a local HTTP Server), but it will expire and can't be refreshed.< br / >
If you want to use it securely, you would need to do it all server-side.< br / >
< strong > NOTE:< / strong > You will only be able to query non-user-related information e.g search for a Track.< / p >
< p > More info: < a href = "https://developer.spotify.com/web-api/authorization-guide/#client_credentials_flow" > here< / a > < / p >
2015-07-23 20:44:05 +01:00
< pre > < code > static ClientCredentialsAuth auth;
2015-07-09 11:48:09 +01:00
static void Main(string[] args)
{
//Create the auth object
auth = new ClientCredentialsAuth()
{
//Your client Id
ClientId = " XXXXXXXXXXXXXXX" ,
//Your client secret UNSECURE!!
ClientSecret = " XXXXXXXXXXXX" ,
//How many permissions we need?
Scope = Scope.USER_READ_PRIVATE,
};
2015-07-23 20:44:05 +01:00
//With this token object, we now can make calls
2015-07-09 11:48:09 +01:00
Token token = auth.DoAuth();
var spotify = new SpotifyWebApiClass()
{
TokenType = token.TokenType,
AccessToken = token.AccessToken,
UseAuth = false
};
}
2015-07-26 15:22:35 +01:00
< / code > < / pre >
< h1 id = "scopes" > Scopes< / h1 > < / div >
2015-07-09 11:48:09 +01:00
< / div >
< script src = "https://code.jquery.com/jquery-1.10.2.min.js" > < / script >
< script src = "../../js/bootstrap-3.0.3.min.js" > < / script >
< script src = "../../js/base.js" > < / script >
2016-08-25 19:42:18 +01:00
< script src = "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/8.4/highlight.min.js" > < / script >
2015-07-09 11:48:09 +01:00
< script src = "../../highlight.js" > < / script >
< / body >
< / html >