This way is recommended and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application. You won't be able to refresh the token. If you want to use the internal Http server, please add "http://localhost" to your application redirects.
More info: here
+For this kind of authentication, there is also a WebAPIFactory, it's easier to use and uses an async method:
static async void Main(string[] args)
+{
+ WebAPIFactory webApiFactory = new WebAPIFactory(
+ "http://localhost",
+ 8000,
+ "XXXXXXXXXXXXXXXX",
+ Scope.UserReadPrivate,
+ TimeSpan.FromSeconds(20)
+ );
+
+ try
+ {
+ //This will open the user's browser and returns once
+ //the user is authorized.
+ _spotify = await webApiFactory.GetWebApi();
+ }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ }
+
+ if (_spotify == null)
+ return;
+}
+The old way:
static ImplicitGrantAuth auth;
static void Main(string[] args)
{
diff --git a/mkdocs/search_index.json b/mkdocs/search_index.json
index 554246df..5ce983b2 100644
--- a/mkdocs/search_index.json
+++ b/mkdocs/search_index.json
@@ -127,7 +127,7 @@
},
{
"location": "/SpotifyWebAPI/auth/",
- "text": "Auth-Methods\n\n\nBefore you can use the Web API full functional, you need the user to authenticate your Application.\n\nIf you want to know more, you can read to the whole auth-process \nhere\n.\n\n\nBefore you start, you need to create a Application at Spotify: \nYour Applications\n\n\n\n\nAfter you created your Application, you will have following important values: \n\n\n\n\nClient_Id\n This is your client_id, you don't have to hide it\n\n\nClient_Secret\n Never use this in one of your client-side apps!! Keep it secret!\n\n\nRedirect URIs\n Add \"http://localhost\", if you want full support for this API \n\n\n\n\nNow you can start with the User-authentication, Spotify provides 3 ways:\n\n\n\n\n\n\nImplicitGrantAuth\n (\nRecommended\n, no server-side code needed) \n\n\n\n\n\n\nAutorizationCodeAuth\n (Not Recommended, Server-side code needed, else it's unsecure)\n\n\n\n\n\n\nClientCredentialsAuth\n (Not Recommended, Server-side code needed, else it's unsecure) \n\n\n\n\n\n\nNote:\n I would recommend a little PHP Script, which will exchange the Keys using AutorizationCodeAuth.\nWhen using ImplicitGrantAuth, another user could abuse the \"localhost\" RedirectUri by creating a \"fake\"-app which uses your ClientId.\n\n\nOverview:\n\n\n\nAfter implementing one of the provided auth-methods, you can start doing requests with the token you get from one of the auth-methods\n\n\nImplicitGrantAuth\n\n\nThis way is \nrecommended\n and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application.\nYou won't be able to refresh the token. If you want to use the internal Http server, please add \"http://localhost\" to your application redirects.\n\n\nMore info: \nhere\n\n\nstatic ImplicitGrantAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ImplicitGrantAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXXX\n,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = \nhttp://localhost\n,\n //How many permissions we need?\n Scope = Scope.USER_READ_PRIVATE,\n };\n //Start the internal http server\n auth.StartHttpServer();\n //When we got our response\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //Start\n auth.DoAuth();\n}\n\nstatic void auth_OnResponseReceivedEvent(Token token, string state, string error)\n{\n //stop the http server\n auth.StopHttpServer();\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n //We can now make calls with the token object\n}\n\n\n\n\nAutorizationCodeAuth\n\n\nThis way is \nnot recommended\n and requires server-side code to run securely.\n\nWith this approach, you first get a code which you need to trade against the access-token.\n\nIn this exchange you need to provide your Client-Secret and because of that it's not recommended.\n\n(But you can e.g exchange to codes via a PHP Script)\n\nA good thing about this method: You can always refresh your token, without having the user to auth it again\n\n\nMore info: \nhere\n\n\nstatic AutorizationCodeAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new AutorizationCodeAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXX\n,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = \nhttp://localhost\n,\n //How many permissions we need?\n Scope = Scope.USER_READ_PRIVATE,\n };\n //This will be called, if the user cancled/accept the auth-request\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //a local HTTP Server will be started (Needed for the response)\n auth.StartHttpServer();\n //This will open the spotify auth-page. The user can decline/accept the request\n auth.DoAuth();\n\n Thread.Sleep(60000);\n auth.StopHttpServer();\n Console.WriteLine(\nToo long, didnt respond, exiting now...\n);\n}\n\nprivate static void auth_OnResponseReceivedEvent(AutorizationCodeAuthResponse response)\n{\n //Stop the HTTP Server, done.\n auth.StopHttpServer();\n\n //NEVER DO THIS! You would need to provide the ClientSecret.\n //You would need to do it e.g via a PHP-Script.\n Token token = auth.ExchangeAuthCode(response.Code, \nXXXXXXXXXXX\n);\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n\n //With the token object, you can now make API calls\n}\n\n\n\n\nClientCredentialsAuth\n\n\nThis way is \nnot recommended\n and requires server-side code to run securely.\n\nWith this approach, you make a POST Request with a base64 encoded string (consists of ClientId + ClientSecret). You will directly get the token (Without a local HTTP Server), but it will expire and can't be refreshed.\n\nIf you want to use it securely, you would need to do it all server-side.\n\n\nNOTE:\n You will only be able to query non-user-related information e.g search for a Track.\n\n\nMore info: \nhere\n\n\nstatic ClientCredentialsAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ClientCredentialsAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXX\n,\n //Your client secret UNSECURE!!\n ClientSecret = \nXXXXXXXXXXXX\n,\n //How many permissions we need?\n Scope = Scope.USER_READ_PRIVATE,\n };\n //With this token object, we now can make calls\n Token token = auth.DoAuth();\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken,\n UseAuth = false\n };\n}\n\n\n\n\nScopes",
+ "text": "Auth-Methods\n\n\nBefore you can use the Web API full functional, you need the user to authenticate your Application.\n\nIf you want to know more, you can read to the whole auth-process \nhere\n.\n\n\nBefore you start, you need to create a Application at Spotify: \nYour Applications\n\n\n\n\nAfter you created your Application, you will have following important values: \n\n\n\n\nClient_Id\n This is your client_id, you don't have to hide it\n\n\nClient_Secret\n Never use this in one of your client-side apps!! Keep it secret!\n\n\nRedirect URIs\n Add \"http://localhost\", if you want full support for this API \n\n\n\n\nNow you can start with the User-authentication, Spotify provides 3 ways:\n\n\n\n\n\n\nImplicitGrantAuth\n (\nRecommended\n, no server-side code needed) \n\n\n\n\n\n\nAutorizationCodeAuth\n (Not Recommended, Server-side code needed, else it's unsecure)\n\n\n\n\n\n\nClientCredentialsAuth\n (Not Recommended, Server-side code needed, else it's unsecure) \n\n\n\n\n\n\nNote:\n I would recommend a little PHP Script, which will exchange the Keys using AutorizationCodeAuth.\nWhen using ImplicitGrantAuth, another user could abuse the \"localhost\" RedirectUri by creating a \"fake\"-app which uses your ClientId.\n\n\nOverview:\n\n\n\nAfter implementing one of the provided auth-methods, you can start doing requests with the token you get from one of the auth-methods\n\n\nImplicitGrantAuth\n\n\nThis way is \nrecommended\n and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application.\nYou won't be able to refresh the token. If you want to use the internal Http server, please add \"http://localhost\" to your application redirects.\n\n\nMore info: \nhere\n\n\nFor this kind of authentication, there is also a \nWebAPIFactory\n, it's easier to use and uses an async method:\n\n\nstatic async void Main(string[] args)\n{\n WebAPIFactory webApiFactory = new WebAPIFactory(\n \nhttp://localhost\n,\n 8000,\n \nXXXXXXXXXXXXXXXX\n,\n Scope.UserReadPrivate,\n TimeSpan.FromSeconds(20)\n );\n\n try\n {\n //This will open the user's browser and returns once\n //the user is authorized.\n _spotify = await webApiFactory.GetWebApi();\n }\n catch (Exception ex)\n {\n MessageBox.Show(ex.Message);\n }\n\n if (_spotify == null)\n return;\n}\n\n\n\n\nThe old way:\n\n\nstatic ImplicitGrantAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ImplicitGrantAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXXX\n,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = \nhttp://localhost\n,\n //How many permissions we need?\n Scope = Scope.USER_READ_PRIVATE,\n };\n //Start the internal http server\n auth.StartHttpServer();\n //When we got our response\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //Start\n auth.DoAuth();\n}\n\nstatic void auth_OnResponseReceivedEvent(Token token, string state, string error)\n{\n //stop the http server\n auth.StopHttpServer();\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n //We can now make calls with the token object\n}\n\n\n\n\nAutorizationCodeAuth\n\n\nThis way is \nnot recommended\n and requires server-side code to run securely.\n\nWith this approach, you first get a code which you need to trade against the access-token.\n\nIn this exchange you need to provide your Client-Secret and because of that it's not recommended.\n\n(But you can e.g exchange to codes via a PHP Script)\n\nA good thing about this method: You can always refresh your token, without having the user to auth it again\n\n\nMore info: \nhere\n\n\nstatic AutorizationCodeAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new AutorizationCodeAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXX\n,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = \nhttp://localhost\n,\n //How many permissions we need?\n Scope = Scope.USER_READ_PRIVATE,\n };\n //This will be called, if the user cancled/accept the auth-request\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //a local HTTP Server will be started (Needed for the response)\n auth.StartHttpServer();\n //This will open the spotify auth-page. The user can decline/accept the request\n auth.DoAuth();\n\n Thread.Sleep(60000);\n auth.StopHttpServer();\n Console.WriteLine(\nToo long, didnt respond, exiting now...\n);\n}\n\nprivate static void auth_OnResponseReceivedEvent(AutorizationCodeAuthResponse response)\n{\n //Stop the HTTP Server, done.\n auth.StopHttpServer();\n\n //NEVER DO THIS! You would need to provide the ClientSecret.\n //You would need to do it e.g via a PHP-Script.\n Token token = auth.ExchangeAuthCode(response.Code, \nXXXXXXXXXXX\n);\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n\n //With the token object, you can now make API calls\n}\n\n\n\n\nClientCredentialsAuth\n\n\nThis way is \nnot recommended\n and requires server-side code to run securely.\n\nWith this approach, you make a POST Request with a base64 encoded string (consists of ClientId + ClientSecret). You will directly get the token (Without a local HTTP Server), but it will expire and can't be refreshed.\n\nIf you want to use it securely, you would need to do it all server-side.\n\n\nNOTE:\n You will only be able to query non-user-related information e.g search for a Track.\n\n\nMore info: \nhere\n\n\nstatic ClientCredentialsAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ClientCredentialsAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXX\n,\n //Your client secret UNSECURE!!\n ClientSecret = \nXXXXXXXXXXXX\n,\n //How many permissions we need?\n Scope = Scope.USER_READ_PRIVATE,\n };\n //With this token object, we now can make calls\n Token token = auth.DoAuth();\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken,\n UseAuth = false\n };\n}\n\n\n\n\nScopes",
"title": "Authentication"
},
{
@@ -137,7 +137,7 @@
},
{
"location": "/SpotifyWebAPI/auth/#implicitgrantauth",
- "text": "This way is recommended and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application.\nYou won't be able to refresh the token. If you want to use the internal Http server, please add \"http://localhost\" to your application redirects. More info: here static ImplicitGrantAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ImplicitGrantAuth()\n {\n //Your client Id\n ClientId = XXXXXXXXXXXXXXXX ,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = http://localhost ,\n //How many permissions we need?\n Scope = Scope.USER_READ_PRIVATE,\n };\n //Start the internal http server\n auth.StartHttpServer();\n //When we got our response\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //Start\n auth.DoAuth();\n}\n\nstatic void auth_OnResponseReceivedEvent(Token token, string state, string error)\n{\n //stop the http server\n auth.StopHttpServer();\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n //We can now make calls with the token object\n}",
+ "text": "This way is recommended and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application.\nYou won't be able to refresh the token. If you want to use the internal Http server, please add \"http://localhost\" to your application redirects. More info: here For this kind of authentication, there is also a WebAPIFactory , it's easier to use and uses an async method: static async void Main(string[] args)\n{\n WebAPIFactory webApiFactory = new WebAPIFactory(\n http://localhost ,\n 8000,\n XXXXXXXXXXXXXXXX ,\n Scope.UserReadPrivate,\n TimeSpan.FromSeconds(20)\n );\n\n try\n {\n //This will open the user's browser and returns once\n //the user is authorized.\n _spotify = await webApiFactory.GetWebApi();\n }\n catch (Exception ex)\n {\n MessageBox.Show(ex.Message);\n }\n\n if (_spotify == null)\n return;\n} The old way: static ImplicitGrantAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ImplicitGrantAuth()\n {\n //Your client Id\n ClientId = XXXXXXXXXXXXXXXX ,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = http://localhost ,\n //How many permissions we need?\n Scope = Scope.USER_READ_PRIVATE,\n };\n //Start the internal http server\n auth.StartHttpServer();\n //When we got our response\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //Start\n auth.DoAuth();\n}\n\nstatic void auth_OnResponseReceivedEvent(Token token, string state, string error)\n{\n //stop the http server\n auth.StopHttpServer();\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n //We can now make calls with the token object\n}",
"title": "ImplicitGrantAuth"
},
{
diff --git a/sitemap.xml b/sitemap.xml
index a8325060..0ba875fa 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -4,7 +4,7 @@
None/
- 2016-04-04
+ 2016-07-31
daily
@@ -13,79 +13,79 @@
None/SpotifyWebAPI/gettingstarted/
- 2016-04-04
+ 2016-07-31
daily
None/SpotifyWebAPI/examples/
- 2016-04-04
+ 2016-07-31
daily
None/SpotifyWebAPI/auth/
- 2016-04-04
+ 2016-07-31
daily
None/SpotifyWebAPI/albums/
- 2016-04-04
+ 2016-07-31
daily
None/SpotifyWebAPI/artists/
- 2016-04-04
+ 2016-07-31
daily
None/SpotifyWebAPI/browse/
- 2016-04-04
+ 2016-07-31
daily
None/SpotifyWebAPI/follow/
- 2016-04-04
+ 2016-07-31
daily
None/SpotifyWebAPI/library/
- 2016-04-04
+ 2016-07-31
daily
None/SpotifyWebAPI/playlists/
- 2016-04-04
+ 2016-07-31
daily
None/SpotifyWebAPI/profiles/
- 2016-04-04
+ 2016-07-31
daily
None/SpotifyWebAPI/search/
- 2016-04-04
+ 2016-07-31
daily
None/SpotifyWebAPI/tracks/
- 2016-04-04
+ 2016-07-31
daily
None/SpotifyWebAPI/util/
- 2016-04-04
+ 2016-07-31
daily
@@ -95,7 +95,7 @@
None/SpotifyLocalAPI/
- 2016-04-04
+ 2016-07-31
daily