diff --git a/SpotifyWebAPI/auth/index.html b/SpotifyWebAPI/auth/index.html index b2559c67..1a0af129 100644 --- a/SpotifyWebAPI/auth/index.html +++ b/SpotifyWebAPI/auth/index.html @@ -258,15 +258,15 @@ static void Main(string[] args) static void auth_OnResponseReceivedEvent(Token token, string state, string error) { - //stop the http server - auth.StopHttpServer(); - var spotify = new SpotifyWebApiClass() { TokenType = token.TokenType, AccessToken = token.AccessToken }; //We can now make calls with the token object + + //stop the http server + auth.StopHttpServer(); } @@ -304,8 +304,6 @@ static void Main(string[] args) private static void auth_OnResponseReceivedEvent(AutorizationCodeAuthResponse response) { - //Stop the HTTP Server, done. - auth.StopHttpServer(); //NEVER DO THIS! You would need to provide the ClientSecret. //You would need to do it e.g via a PHP-Script. @@ -318,6 +316,9 @@ private static void auth_OnResponseReceivedEvent(AutorizationCodeAuthResponse re }; //With the token object, you can now make API calls + + //Stop the HTTP Server, done. + auth.StopHttpServer(); } diff --git a/mkdocs/search_index.json b/mkdocs/search_index.json index 0b2fd831..8c6e4f91 100644 --- a/mkdocs/search_index.json +++ b/mkdocs/search_index.json @@ -132,7 +132,7 @@ }, { "location": "/SpotifyWebAPI/auth/", - "text": "Auth-Methods\n\n\nBefore you can use the Web API full functional, you need the user to authenticate your Application.\n\nIf you want to know more, you can read to the whole auth-process \nhere\n.\n\n\nBefore you start, you need to create a Application at Spotify: \nYour Applications\n\n\n\n\nAfter you created your Application, you will have following important values: \n\n\n\n\nClient_Id\n This is your client_id, you don't have to hide it\n\n\nClient_Secret\n Never use this in one of your client-side apps!! Keep it secret!\n\n\nRedirect URIs\n Add \"http://localhost\", if you want full support for this API \n\n\n\n\nNow you can start with the User-authentication, Spotify provides 3 ways:\n\n\n\n\n\n\nImplicitGrantAuth\n (\nRecommended\n, no server-side code needed) \n\n\n\n\n\n\nAutorizationCodeAuth\n (Not Recommended, Server-side code needed, else it's unsecure)\n\n\n\n\n\n\nClientCredentialsAuth\n (Not Recommended, Server-side code needed, else it's unsecure) \n\n\n\n\n\n\nNote:\n I would recommend a little PHP Script, which will exchange the Keys using AutorizationCodeAuth.\nWhen using ImplicitGrantAuth, another user could abuse the \"localhost\" RedirectUri by creating a \"fake\"-app which uses your ClientId.\n\n\nOverview:\n\n\n\nAfter implementing one of the provided auth-methods, you can start doing requests with the token you get from one of the auth-methods\n\n\nImplicitGrantAuth\n\n\nThis way is \nrecommended\n and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application.\nYou won't be able to refresh the token. If you want to use the internal Http server, please add \"http://localhost\" to your application redirects.\n\n\nMore info: \nhere\n\n\nFor this kind of authentication, there is also a \nWebAPIFactory\n, it's easier to use and uses an async method:\n\n\nstatic async void Main(string[] args)\n{\n WebAPIFactory webApiFactory = new WebAPIFactory(\n \nhttp://localhost\n,\n 8000,\n \nXXXXXXXXXXXXXXXX\n,\n Scope.UserReadPrivate,\n TimeSpan.FromSeconds(20)\n );\n\n try\n {\n //This will open the user's browser and returns once\n //the user is authorized.\n _spotify = await webApiFactory.GetWebApi();\n }\n catch (Exception ex)\n {\n MessageBox.Show(ex.Message);\n }\n\n if (_spotify == null)\n return;\n}\n\n\n\n\nThe old way:\n\n\nstatic ImplicitGrantAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ImplicitGrantAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXXX\n,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = \nhttp://localhost\n,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //Start the internal http server\n auth.StartHttpServer();\n //When we got our response\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //Start\n auth.DoAuth();\n}\n\nstatic void auth_OnResponseReceivedEvent(Token token, string state, string error)\n{\n //stop the http server\n auth.StopHttpServer();\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n //We can now make calls with the token object\n}\n\n\n\n\nAutorizationCodeAuth\n\n\nThis way is \nnot recommended\n and requires server-side code to run securely.\n\nWith this approach, you first get a code which you need to trade against the access-token.\n\nIn this exchange you need to provide your Client-Secret and because of that it's not recommended.\n\n(But you can e.g exchange to codes via a PHP Script)\n\nA good thing about this method: You can always refresh your token, without having the user to auth it again\n\n\nMore info: \nhere\n\n\nstatic AutorizationCodeAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new AutorizationCodeAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXX\n,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = \nhttp://localhost\n,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //This will be called, if the user cancled/accept the auth-request\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //a local HTTP Server will be started (Needed for the response)\n auth.StartHttpServer();\n //This will open the spotify auth-page. The user can decline/accept the request\n auth.DoAuth();\n\n Thread.Sleep(60000);\n auth.StopHttpServer();\n Console.WriteLine(\nToo long, didnt respond, exiting now...\n);\n}\n\nprivate static void auth_OnResponseReceivedEvent(AutorizationCodeAuthResponse response)\n{\n //Stop the HTTP Server, done.\n auth.StopHttpServer();\n\n //NEVER DO THIS! You would need to provide the ClientSecret.\n //You would need to do it e.g via a PHP-Script.\n Token token = auth.ExchangeAuthCode(response.Code, \nXXXXXXXXXXX\n);\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n\n //With the token object, you can now make API calls\n}\n\n\n\n\nClientCredentialsAuth\n\n\nThis way is \nnot recommended\n and requires server-side code to run securely.\n\nWith this approach, you make a POST Request with a base64 encoded string (consists of ClientId + ClientSecret). You will directly get the token (Without a local HTTP Server), but it will expire and can't be refreshed.\n\nIf you want to use it securely, you would need to do it all server-side.\n\n\nNOTE:\n You will only be able to query non-user-related information e.g search for a Track.\n\n\nMore info: \nhere\n\n\nstatic ClientCredentialsAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ClientCredentialsAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXX\n,\n //Your client secret UNSECURE!!\n ClientSecret = \nXXXXXXXXXXXX\n,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //With this token object, we now can make calls\n Token token = auth.DoAuth();\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken,\n UseAuth = false\n };\n}\n\n\n\n\nScopes", + "text": "Auth-Methods\n\n\nBefore you can use the Web API full functional, you need the user to authenticate your Application.\n\nIf you want to know more, you can read to the whole auth-process \nhere\n.\n\n\nBefore you start, you need to create a Application at Spotify: \nYour Applications\n\n\n\n\nAfter you created your Application, you will have following important values: \n\n\n\n\nClient_Id\n This is your client_id, you don't have to hide it\n\n\nClient_Secret\n Never use this in one of your client-side apps!! Keep it secret!\n\n\nRedirect URIs\n Add \"http://localhost\", if you want full support for this API \n\n\n\n\nNow you can start with the User-authentication, Spotify provides 3 ways:\n\n\n\n\n\n\nImplicitGrantAuth\n (\nRecommended\n, no server-side code needed) \n\n\n\n\n\n\nAutorizationCodeAuth\n (Not Recommended, Server-side code needed, else it's unsecure)\n\n\n\n\n\n\nClientCredentialsAuth\n (Not Recommended, Server-side code needed, else it's unsecure) \n\n\n\n\n\n\nNote:\n I would recommend a little PHP Script, which will exchange the Keys using AutorizationCodeAuth.\nWhen using ImplicitGrantAuth, another user could abuse the \"localhost\" RedirectUri by creating a \"fake\"-app which uses your ClientId.\n\n\nOverview:\n\n\n\nAfter implementing one of the provided auth-methods, you can start doing requests with the token you get from one of the auth-methods\n\n\nImplicitGrantAuth\n\n\nThis way is \nrecommended\n and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application.\nYou won't be able to refresh the token. If you want to use the internal Http server, please add \"http://localhost\" to your application redirects.\n\n\nMore info: \nhere\n\n\nFor this kind of authentication, there is also a \nWebAPIFactory\n, it's easier to use and uses an async method:\n\n\nstatic async void Main(string[] args)\n{\n WebAPIFactory webApiFactory = new WebAPIFactory(\n \nhttp://localhost\n,\n 8000,\n \nXXXXXXXXXXXXXXXX\n,\n Scope.UserReadPrivate,\n TimeSpan.FromSeconds(20)\n );\n\n try\n {\n //This will open the user's browser and returns once\n //the user is authorized.\n _spotify = await webApiFactory.GetWebApi();\n }\n catch (Exception ex)\n {\n MessageBox.Show(ex.Message);\n }\n\n if (_spotify == null)\n return;\n}\n\n\n\n\nThe old way:\n\n\nstatic ImplicitGrantAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ImplicitGrantAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXXX\n,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = \nhttp://localhost\n,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //Start the internal http server\n auth.StartHttpServer();\n //When we got our response\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //Start\n auth.DoAuth();\n}\n\nstatic void auth_OnResponseReceivedEvent(Token token, string state, string error)\n{\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n //We can now make calls with the token object\n\n //stop the http server\n auth.StopHttpServer();\n}\n\n\n\n\nAutorizationCodeAuth\n\n\nThis way is \nnot recommended\n and requires server-side code to run securely.\n\nWith this approach, you first get a code which you need to trade against the access-token.\n\nIn this exchange you need to provide your Client-Secret and because of that it's not recommended.\n\n(But you can e.g exchange to codes via a PHP Script)\n\nA good thing about this method: You can always refresh your token, without having the user to auth it again\n\n\nMore info: \nhere\n\n\nstatic AutorizationCodeAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new AutorizationCodeAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXX\n,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = \nhttp://localhost\n,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //This will be called, if the user cancled/accept the auth-request\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //a local HTTP Server will be started (Needed for the response)\n auth.StartHttpServer();\n //This will open the spotify auth-page. The user can decline/accept the request\n auth.DoAuth();\n\n Thread.Sleep(60000);\n auth.StopHttpServer();\n Console.WriteLine(\nToo long, didnt respond, exiting now...\n);\n}\n\nprivate static void auth_OnResponseReceivedEvent(AutorizationCodeAuthResponse response)\n{\n\n //NEVER DO THIS! You would need to provide the ClientSecret.\n //You would need to do it e.g via a PHP-Script.\n Token token = auth.ExchangeAuthCode(response.Code, \nXXXXXXXXXXX\n);\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n\n //With the token object, you can now make API calls\n\n //Stop the HTTP Server, done.\n auth.StopHttpServer();\n}\n\n\n\n\nClientCredentialsAuth\n\n\nThis way is \nnot recommended\n and requires server-side code to run securely.\n\nWith this approach, you make a POST Request with a base64 encoded string (consists of ClientId + ClientSecret). You will directly get the token (Without a local HTTP Server), but it will expire and can't be refreshed.\n\nIf you want to use it securely, you would need to do it all server-side.\n\n\nNOTE:\n You will only be able to query non-user-related information e.g search for a Track.\n\n\nMore info: \nhere\n\n\nstatic ClientCredentialsAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ClientCredentialsAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXX\n,\n //Your client secret UNSECURE!!\n ClientSecret = \nXXXXXXXXXXXX\n,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //With this token object, we now can make calls\n Token token = auth.DoAuth();\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken,\n UseAuth = false\n };\n}\n\n\n\n\nScopes", "title": "Authentication" }, { @@ -142,12 +142,12 @@ }, { "location": "/SpotifyWebAPI/auth/#implicitgrantauth", - "text": "This way is recommended and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application.\nYou won't be able to refresh the token. If you want to use the internal Http server, please add \"http://localhost\" to your application redirects. More info: here For this kind of authentication, there is also a WebAPIFactory , it's easier to use and uses an async method: static async void Main(string[] args)\n{\n WebAPIFactory webApiFactory = new WebAPIFactory(\n http://localhost ,\n 8000,\n XXXXXXXXXXXXXXXX ,\n Scope.UserReadPrivate,\n TimeSpan.FromSeconds(20)\n );\n\n try\n {\n //This will open the user's browser and returns once\n //the user is authorized.\n _spotify = await webApiFactory.GetWebApi();\n }\n catch (Exception ex)\n {\n MessageBox.Show(ex.Message);\n }\n\n if (_spotify == null)\n return;\n} The old way: static ImplicitGrantAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ImplicitGrantAuth()\n {\n //Your client Id\n ClientId = XXXXXXXXXXXXXXXX ,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = http://localhost ,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //Start the internal http server\n auth.StartHttpServer();\n //When we got our response\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //Start\n auth.DoAuth();\n}\n\nstatic void auth_OnResponseReceivedEvent(Token token, string state, string error)\n{\n //stop the http server\n auth.StopHttpServer();\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n //We can now make calls with the token object\n}", + "text": "This way is recommended and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application.\nYou won't be able to refresh the token. If you want to use the internal Http server, please add \"http://localhost\" to your application redirects. More info: here For this kind of authentication, there is also a WebAPIFactory , it's easier to use and uses an async method: static async void Main(string[] args)\n{\n WebAPIFactory webApiFactory = new WebAPIFactory(\n http://localhost ,\n 8000,\n XXXXXXXXXXXXXXXX ,\n Scope.UserReadPrivate,\n TimeSpan.FromSeconds(20)\n );\n\n try\n {\n //This will open the user's browser and returns once\n //the user is authorized.\n _spotify = await webApiFactory.GetWebApi();\n }\n catch (Exception ex)\n {\n MessageBox.Show(ex.Message);\n }\n\n if (_spotify == null)\n return;\n} The old way: static ImplicitGrantAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ImplicitGrantAuth()\n {\n //Your client Id\n ClientId = XXXXXXXXXXXXXXXX ,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = http://localhost ,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //Start the internal http server\n auth.StartHttpServer();\n //When we got our response\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //Start\n auth.DoAuth();\n}\n\nstatic void auth_OnResponseReceivedEvent(Token token, string state, string error)\n{\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n //We can now make calls with the token object\n\n //stop the http server\n auth.StopHttpServer();\n}", "title": "ImplicitGrantAuth" }, { "location": "/SpotifyWebAPI/auth/#autorizationcodeauth", - "text": "This way is not recommended and requires server-side code to run securely. \nWith this approach, you first get a code which you need to trade against the access-token. \nIn this exchange you need to provide your Client-Secret and because of that it's not recommended. \n(But you can e.g exchange to codes via a PHP Script) \nA good thing about this method: You can always refresh your token, without having the user to auth it again More info: here static AutorizationCodeAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new AutorizationCodeAuth()\n {\n //Your client Id\n ClientId = XXXXXXXXXXXXXXX ,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = http://localhost ,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //This will be called, if the user cancled/accept the auth-request\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //a local HTTP Server will be started (Needed for the response)\n auth.StartHttpServer();\n //This will open the spotify auth-page. The user can decline/accept the request\n auth.DoAuth();\n\n Thread.Sleep(60000);\n auth.StopHttpServer();\n Console.WriteLine( Too long, didnt respond, exiting now... );\n}\n\nprivate static void auth_OnResponseReceivedEvent(AutorizationCodeAuthResponse response)\n{\n //Stop the HTTP Server, done.\n auth.StopHttpServer();\n\n //NEVER DO THIS! You would need to provide the ClientSecret.\n //You would need to do it e.g via a PHP-Script.\n Token token = auth.ExchangeAuthCode(response.Code, XXXXXXXXXXX );\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n\n //With the token object, you can now make API calls\n}", + "text": "This way is not recommended and requires server-side code to run securely. \nWith this approach, you first get a code which you need to trade against the access-token. \nIn this exchange you need to provide your Client-Secret and because of that it's not recommended. \n(But you can e.g exchange to codes via a PHP Script) \nA good thing about this method: You can always refresh your token, without having the user to auth it again More info: here static AutorizationCodeAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new AutorizationCodeAuth()\n {\n //Your client Id\n ClientId = XXXXXXXXXXXXXXX ,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = http://localhost ,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //This will be called, if the user cancled/accept the auth-request\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //a local HTTP Server will be started (Needed for the response)\n auth.StartHttpServer();\n //This will open the spotify auth-page. The user can decline/accept the request\n auth.DoAuth();\n\n Thread.Sleep(60000);\n auth.StopHttpServer();\n Console.WriteLine( Too long, didnt respond, exiting now... );\n}\n\nprivate static void auth_OnResponseReceivedEvent(AutorizationCodeAuthResponse response)\n{\n\n //NEVER DO THIS! You would need to provide the ClientSecret.\n //You would need to do it e.g via a PHP-Script.\n Token token = auth.ExchangeAuthCode(response.Code, XXXXXXXXXXX );\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n\n //With the token object, you can now make API calls\n\n //Stop the HTTP Server, done.\n auth.StopHttpServer();\n}", "title": "AutorizationCodeAuth" }, { diff --git a/sitemap.xml b/sitemap.xml index d4be1a2d..24e3dbd9 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -4,7 +4,7 @@ / - 2017-09-03 + 2017-09-30 daily @@ -13,85 +13,85 @@ /SpotifyWebAPI/gettingstarted/ - 2017-09-03 + 2017-09-30 daily /SpotifyWebAPI/examples/ - 2017-09-03 + 2017-09-30 daily /SpotifyWebAPI/auth/ - 2017-09-03 + 2017-09-30 daily /SpotifyWebAPI/albums/ - 2017-09-03 + 2017-09-30 daily /SpotifyWebAPI/artists/ - 2017-09-03 + 2017-09-30 daily /SpotifyWebAPI/browse/ - 2017-09-03 + 2017-09-30 daily /SpotifyWebAPI/follow/ - 2017-09-03 + 2017-09-30 daily /SpotifyWebAPI/library/ - 2017-09-03 + 2017-09-30 daily /SpotifyWebAPI/player/ - 2017-09-03 + 2017-09-30 daily /SpotifyWebAPI/playlists/ - 2017-09-03 + 2017-09-30 daily /SpotifyWebAPI/profiles/ - 2017-09-03 + 2017-09-30 daily /SpotifyWebAPI/search/ - 2017-09-03 + 2017-09-30 daily /SpotifyWebAPI/tracks/ - 2017-09-03 + 2017-09-30 daily /SpotifyWebAPI/util/ - 2017-09-03 + 2017-09-30 daily @@ -100,7 +100,7 @@ /SpotifyLocalAPI/ - 2017-09-03 + 2017-09-30 daily