(window.webpackJsonp=window.webpackJsonp||[]).push([[6],{134:function(e,t,n){"use strict";n.r(t),n.d(t,"frontMatter",(function(){returni})),n.d(t,"metadata",(function(){returns})),n.d(t,"rightToc",(function(){returnc})),n.d(t,"default",(function(){returnl}));varr=n(2),o=n(9),a=(n(0),n(185)),i={id:"token_swap",title:"Token Swap"},s={id:"version-5.1.1/auth/token_swap",title:"Token Swap",description:"This way uses server-side code or at least access to an exchange server, otherwise, compared to other",source:"@site/versioned_docs/version-5.1.1/auth/token_swap.md",permalink:"/SpotifyAPI-NET/docs/auth/token_swap",editUrl:"https://github.com/JohnnyCrazy/SpotifyAPI-NET/edit/master/SpotifyAPI.Docs/versioned_docs/version-5.1.1/auth/token_swap.md",version:"5.1.1",lastUpdatedBy:"Jonas Dellinger",lastUpdatedAt:1591288459,sidebar:"version-5.1.1/someSidebar",previous:{title:"Client Credentials",permalink:"/SpotifyAPI-NET/docs/auth/client_credentials"}},c=[{value:"Using TokenSwapWebAPIFactory",id:"using-tokenswapwebapifactory",children:[]},{value:"Using TokenSwapAuth",id:"using-tokenswapauth",children:[]},{value:"Token Swap Endpoint",id:"token-swap-endpoint",children:[]},{value:"Remarks",id:"remarks",children:[]}],p={rightToc:c};functionl(e){vart=e.components,n=Object(o.a)(e,["components"]);returnObject(a.b)("wrapper",Object(r.a)({},p,n,{components:t,mdxType:"MDXLayout"}),Object(a.b)("p",null,"This way uses server-side code or at least access to an exchange server, otherwise, compared to other\nmethods, it is impossible to use."),Object(a.b)("p",null,'With this approach, you provide the URI/URL to your desired exchange server to perform all necessary\nrequests to Spotify, as well as requests that return back to the "server URI".'),Object(a.b)("p",null,"The exchange server ",Object(a.b)("strong",{parentName:"p"},"must")," be able to:"),Object(a.b)("ul",null,Object(a.b)("li",{parentName:"ul"},'Return the authorization code from Spotify API authenticate page via GET request to the "server URI".'),Object(a.b)("li",{parentName:"ul"},"Request the token response object via POST to the Spotify API token page."),Object(a.b)("li",{parentName:"ul"},"Request a refreshed token response object via POST to the Spotify API token page.")),Object(a.b)("p",null,Object(a.b)("strong",{parentName:"p"},"The good news is that you do not need to code it yourself.")),Object(a.b)("p",null,"The advantages of this method are that the client ID and redirect URI are very well hidden and almost unexposed, but more importantly, your client secret is ",Object(a.b)("strong",{parentName:"p"},"never")," exposed and is completely hidden compared to other methods (excluding ",Object(a.b)("a",Object(r.a)({parentName:"p"},{href:"/SpotifyWebAPI/auth#implicitgrantauth"}),"ImplicitGrantAuth"),"\nas it does not deal with a client secret). This means\nyour Spotify app ",Object(a.b)("strong",{parentName:"p"},"cannot")," be spoofed by a malicious third party."),Object(a.b)("h2",{id:"using-tokenswapwebapifactory"},"Using TokenSwapWebAPIFactory"),Object(a.b)("p",null,"The TokenSwapWebAPIFactory will create and configure a SpotifyWebAPI object for you."),Object(a.b)("p",null,"It does this through the method GetWebApiAsync ",Object(a.b)("strong",{parentName:"p"},"asynchronously"),", which means it will not halt execution of your program while obtaining it for you. If you would like to halt execution, which is ",Object(a.b)("strong",{parentName:"p"},"synchronous"),", use ",Object(a.b)("inlineCode",{parentName:"p"},"GetWebApiAsync().Result")," without using ",Object(a.b)("strong",{parentName:"p"},"await"),"."),Object(a.b)("pre",null,Object(a.b)("code",Object(r.a)({parentName:"pre"},{className:"language-csharp"}),'TokenSwapWebAPIFactorywebApiFactory;\nSpotifyWebAPIspotify;\n\n// You should store a reference to WebAPIFactory if you are using AutoRefresh or want to manually refresh it later on. New WebAPIFactory objects cannot refresh SpotifyWebAPI object that they did not give to you.\nwebApiFactory = new TokenSwapWebAPIFactory("INSERT LINK TO YOUR index.php HERE")\n{\n Scope