<titledata-react-helmet="true">PKCE | SpotifyAPI-NET</title><metadata-react-helmet="true"name="docsearch:version"content="next"><metadata-react-helmet="true"name="twitter:card"content="summary_large_image"><metadata-react-helmet="true"property="og:title"content="PKCE | SpotifyAPI-NET"><metadata-react-helmet="true"name="description"content="The authorization code flow with PKCE is the best option for mobile and desktop applications where it is unsafe to store your client secret. It provides your app with an access token that can be refreshed. For further information about this flow, see IETF RFC-7636."><metadata-react-helmet="true"property="og:description"content="The authorization code flow with PKCE is the best option for mobile and desktop applications where it is unsafe to store your client secret. It provides your app with an access token that can be refreshed. For further information about this flow, see IETF RFC-7636."><metadata-react-helmet="true"property="og:url"content="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/next/pkce"><linkdata-react-helmet="true"rel="shortcut icon"href="/SpotifyAPI-NET/img/favicon.ico"><linkdata-react-helmet="true"rel="canonical"href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/next/pkce"><linkrel="stylesheet"href="/SpotifyAPI-NET/styles.8a053330.css">
</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">// Generates a secure random verifier of length 120 and its challenge</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var (verifier, challenge) = PKCEUtil.GenerateCodes(120);</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block">
</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">// Returns the passed string and its challenge (Make sure it's random and long enough)</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var (verifier, challenge) = PKCEUtil.GenerateCodes("YourSecureRandomString");</span></div></div></div></div></div><h2><aaria-hidden="true"tabindex="-1"class="anchor enhancedAnchor_ZqCz"id="generating-login-uri"></a>Generating Login URI<aaria-hidden="true"tabindex="-1"class="hash-link"href="#generating-login-uri"title="Direct link to heading">#</a></h2><p>Like most auth flows, you'll need to redirect your user to spotify's servers so he is able to grant access to your application:</p><divclass="mdxCodeBlock_iHAB"><divclass="codeBlockContent_32p_"><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_1BYj">Copy</button><divtabindex="0"class="prism-code language-csharp codeBlock_19pQ"><divclass="codeBlockLines_2n9r"style="color:#bfc7d5;background-color:#292d3e"><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">// Make sure "http://localhost:5000/callback" is in your applications redirect URIs!</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var loginRequest = new LoginRequest(</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> new Uri("http://localhost:5000/callback"),</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">"YourClientId",</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> LoginRequest.ResponseType.Code</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">)</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">{</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> CodeChallengeMethod = "S256",</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> CodeChallenge = challenge,</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> Scope = new[] { Scopes.PlaylistReadPrivate, Scopes.PlaylistReadCollaborative }</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">};</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var uri = loginRequest.ToUri();</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">// Redirect user to uri via your favorite web-server or open a local browser window</span></div></div></div></div></div><p>When the user is redirected to the generated uri, he will have to login with his spotify account and confirm, that your application wants to access his user data. Once confirmed, he will be redirect to <code>http://localhost:5000/callback</code> and a <code>code</code> parameter is attached to the query. The redirect URI can also contain a custom protocol paired with UWP App Custom Protocol handler. This received <code>code</code> has to be exchanged for an <code>access_token</code> and <code>refresh_token</code>:</p><divclass="mdxCodeBlock_iHAB"><divclass="codeBlockContent_32p_"><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_1BYj">Copy</button><divtabindex="0"class="prism-code language-csharp codeBlock_19pQ"><divclass="codeBlockLines_2n9r"style="color:#bfc7d5;background-color:#292d3e"><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">// This method should be called from your web-server when the user visits "http://localhost:5000/callback"</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">public Task GetCallback(string code)</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">{</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> // Note that we use the verifier calculated above!</
</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> var spotify = new SpotifyClient(initialResponse.AccessToken);</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> // Also important for later: response.RefreshToken</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">}</span></div></div></div></div></div><p>With PKCE you can also refresh tokens once they're expired:</p><divclass="mdxCodeBlock_iHAB"><divclass="codeBlockContent_32p_"><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_1BYj">Copy</button><divtabindex="0"class="prism-code language-csharp codeBlock_19pQ"><divclass="codeBlockLines_2n9r"style="color:#bfc7d5;background-color:#292d3e"><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var newResponse = await new OAuthClient().RequestToken(</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> new PKCETokenRefreshRequest("ClientId", initialResponse.RefreshToken)</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">);</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block">
</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var spotify = new SpotifyClient(newResponse.AccessToken);</span></div></div></div></div></div><p>If you do not want to take care of manually refreshing tokens, you can use <code>PKCEAuthenticator</code>:</p><divclass="mdxCodeBlock_iHAB"><divclass="codeBlockContent_32p_"><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_1BYj">Copy</button><divtabindex="0"class="prism-code language-csharp codeBlock_19pQ"><divclass="codeBlockLines_2n9r"style="color:#bfc7d5;background-color:#292d3e"><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var authenticator = new PKCEAuthenticator(clientId, initialResponse);</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block">