diff --git a/SpotifyWebAPI/auth/index.html b/SpotifyWebAPI/auth/index.html
index 48414bb2..b2559c67 100644
--- a/SpotifyWebAPI/auth/index.html
+++ b/SpotifyWebAPI/auth/index.html
@@ -246,7 +246,7 @@ static void Main(string[] args)
//Set this to localhost if you want to use the built-in HTTP Server
RedirectUri = "http://localhost",
//How many permissions we need?
- Scope = Scope.USER_READ_PRIVATE,
+ Scope = Scope.UserReadPrivate,
};
//Start the internal http server
auth.StartHttpServer();
diff --git a/mkdocs/search_index.json b/mkdocs/search_index.json
index 6dcc3721..80ac3816 100644
--- a/mkdocs/search_index.json
+++ b/mkdocs/search_index.json
@@ -132,7 +132,7 @@
},
{
"location": "/SpotifyWebAPI/auth/",
- "text": "Auth-Methods\n\n\nBefore you can use the Web API full functional, you need the user to authenticate your Application.\n\nIf you want to know more, you can read to the whole auth-process \nhere\n.\n\n\nBefore you start, you need to create a Application at Spotify: \nYour Applications\n\n\n\n\nAfter you created your Application, you will have following important values: \n\n\n\n\nClient_Id\n This is your client_id, you don't have to hide it\n\n\nClient_Secret\n Never use this in one of your client-side apps!! Keep it secret!\n\n\nRedirect URIs\n Add \"http://localhost\", if you want full support for this API \n\n\n\n\nNow you can start with the User-authentication, Spotify provides 3 ways:\n\n\n\n\n\n\nImplicitGrantAuth\n (\nRecommended\n, no server-side code needed) \n\n\n\n\n\n\nAutorizationCodeAuth\n (Not Recommended, Server-side code needed, else it's unsecure)\n\n\n\n\n\n\nClientCredentialsAuth\n (Not Recommended, Server-side code needed, else it's unsecure) \n\n\n\n\n\n\nNote:\n I would recommend a little PHP Script, which will exchange the Keys using AutorizationCodeAuth.\nWhen using ImplicitGrantAuth, another user could abuse the \"localhost\" RedirectUri by creating a \"fake\"-app which uses your ClientId.\n\n\nOverview:\n\n\n\nAfter implementing one of the provided auth-methods, you can start doing requests with the token you get from one of the auth-methods\n\n\nImplicitGrantAuth\n\n\nThis way is \nrecommended\n and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application.\nYou won't be able to refresh the token. If you want to use the internal Http server, please add \"http://localhost\" to your application redirects.\n\n\nMore info: \nhere\n\n\nFor this kind of authentication, there is also a \nWebAPIFactory\n, it's easier to use and uses an async method:\n\n\nstatic async void Main(string[] args)\n{\n WebAPIFactory webApiFactory = new WebAPIFactory(\n \nhttp://localhost\n,\n 8000,\n \nXXXXXXXXXXXXXXXX\n,\n Scope.UserReadPrivate,\n TimeSpan.FromSeconds(20)\n );\n\n try\n {\n //This will open the user's browser and returns once\n //the user is authorized.\n _spotify = await webApiFactory.GetWebApi();\n }\n catch (Exception ex)\n {\n MessageBox.Show(ex.Message);\n }\n\n if (_spotify == null)\n return;\n}\n\n\n\n\nThe old way:\n\n\nstatic ImplicitGrantAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ImplicitGrantAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXXX\n,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = \nhttp://localhost\n,\n //How many permissions we need?\n Scope = Scope.USER_READ_PRIVATE,\n };\n //Start the internal http server\n auth.StartHttpServer();\n //When we got our response\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //Start\n auth.DoAuth();\n}\n\nstatic void auth_OnResponseReceivedEvent(Token token, string state, string error)\n{\n //stop the http server\n auth.StopHttpServer();\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n //We can now make calls with the token object\n}\n\n\n\n\nAutorizationCodeAuth\n\n\nThis way is \nnot recommended\n and requires server-side code to run securely.\n\nWith this approach, you first get a code which you need to trade against the access-token.\n\nIn this exchange you need to provide your Client-Secret and because of that it's not recommended.\n\n(But you can e.g exchange to codes via a PHP Script)\n\nA good thing about this method: You can always refresh your token, without having the user to auth it again\n\n\nMore info: \nhere\n\n\nstatic AutorizationCodeAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new AutorizationCodeAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXX\n,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = \nhttp://localhost\n,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //This will be called, if the user cancled/accept the auth-request\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //a local HTTP Server will be started (Needed for the response)\n auth.StartHttpServer();\n //This will open the spotify auth-page. The user can decline/accept the request\n auth.DoAuth();\n\n Thread.Sleep(60000);\n auth.StopHttpServer();\n Console.WriteLine(\nToo long, didnt respond, exiting now...\n);\n}\n\nprivate static void auth_OnResponseReceivedEvent(AutorizationCodeAuthResponse response)\n{\n //Stop the HTTP Server, done.\n auth.StopHttpServer();\n\n //NEVER DO THIS! You would need to provide the ClientSecret.\n //You would need to do it e.g via a PHP-Script.\n Token token = auth.ExchangeAuthCode(response.Code, \nXXXXXXXXXXX\n);\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n\n //With the token object, you can now make API calls\n}\n\n\n\n\nClientCredentialsAuth\n\n\nThis way is \nnot recommended\n and requires server-side code to run securely.\n\nWith this approach, you make a POST Request with a base64 encoded string (consists of ClientId + ClientSecret). You will directly get the token (Without a local HTTP Server), but it will expire and can't be refreshed.\n\nIf you want to use it securely, you would need to do it all server-side.\n\n\nNOTE:\n You will only be able to query non-user-related information e.g search for a Track.\n\n\nMore info: \nhere\n\n\nstatic ClientCredentialsAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ClientCredentialsAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXX\n,\n //Your client secret UNSECURE!!\n ClientSecret = \nXXXXXXXXXXXX\n,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //With this token object, we now can make calls\n Token token = auth.DoAuth();\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken,\n UseAuth = false\n };\n}\n\n\n\n\nScopes",
+ "text": "Auth-Methods\n\n\nBefore you can use the Web API full functional, you need the user to authenticate your Application.\n\nIf you want to know more, you can read to the whole auth-process \nhere\n.\n\n\nBefore you start, you need to create a Application at Spotify: \nYour Applications\n\n\n\n\nAfter you created your Application, you will have following important values: \n\n\n\n\nClient_Id\n This is your client_id, you don't have to hide it\n\n\nClient_Secret\n Never use this in one of your client-side apps!! Keep it secret!\n\n\nRedirect URIs\n Add \"http://localhost\", if you want full support for this API \n\n\n\n\nNow you can start with the User-authentication, Spotify provides 3 ways:\n\n\n\n\n\n\nImplicitGrantAuth\n (\nRecommended\n, no server-side code needed) \n\n\n\n\n\n\nAutorizationCodeAuth\n (Not Recommended, Server-side code needed, else it's unsecure)\n\n\n\n\n\n\nClientCredentialsAuth\n (Not Recommended, Server-side code needed, else it's unsecure) \n\n\n\n\n\n\nNote:\n I would recommend a little PHP Script, which will exchange the Keys using AutorizationCodeAuth.\nWhen using ImplicitGrantAuth, another user could abuse the \"localhost\" RedirectUri by creating a \"fake\"-app which uses your ClientId.\n\n\nOverview:\n\n\n\nAfter implementing one of the provided auth-methods, you can start doing requests with the token you get from one of the auth-methods\n\n\nImplicitGrantAuth\n\n\nThis way is \nrecommended\n and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application.\nYou won't be able to refresh the token. If you want to use the internal Http server, please add \"http://localhost\" to your application redirects.\n\n\nMore info: \nhere\n\n\nFor this kind of authentication, there is also a \nWebAPIFactory\n, it's easier to use and uses an async method:\n\n\nstatic async void Main(string[] args)\n{\n WebAPIFactory webApiFactory = new WebAPIFactory(\n \nhttp://localhost\n,\n 8000,\n \nXXXXXXXXXXXXXXXX\n,\n Scope.UserReadPrivate,\n TimeSpan.FromSeconds(20)\n );\n\n try\n {\n //This will open the user's browser and returns once\n //the user is authorized.\n _spotify = await webApiFactory.GetWebApi();\n }\n catch (Exception ex)\n {\n MessageBox.Show(ex.Message);\n }\n\n if (_spotify == null)\n return;\n}\n\n\n\n\nThe old way:\n\n\nstatic ImplicitGrantAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ImplicitGrantAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXXX\n,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = \nhttp://localhost\n,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //Start the internal http server\n auth.StartHttpServer();\n //When we got our response\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //Start\n auth.DoAuth();\n}\n\nstatic void auth_OnResponseReceivedEvent(Token token, string state, string error)\n{\n //stop the http server\n auth.StopHttpServer();\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n //We can now make calls with the token object\n}\n\n\n\n\nAutorizationCodeAuth\n\n\nThis way is \nnot recommended\n and requires server-side code to run securely.\n\nWith this approach, you first get a code which you need to trade against the access-token.\n\nIn this exchange you need to provide your Client-Secret and because of that it's not recommended.\n\n(But you can e.g exchange to codes via a PHP Script)\n\nA good thing about this method: You can always refresh your token, without having the user to auth it again\n\n\nMore info: \nhere\n\n\nstatic AutorizationCodeAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new AutorizationCodeAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXX\n,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = \nhttp://localhost\n,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //This will be called, if the user cancled/accept the auth-request\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //a local HTTP Server will be started (Needed for the response)\n auth.StartHttpServer();\n //This will open the spotify auth-page. The user can decline/accept the request\n auth.DoAuth();\n\n Thread.Sleep(60000);\n auth.StopHttpServer();\n Console.WriteLine(\nToo long, didnt respond, exiting now...\n);\n}\n\nprivate static void auth_OnResponseReceivedEvent(AutorizationCodeAuthResponse response)\n{\n //Stop the HTTP Server, done.\n auth.StopHttpServer();\n\n //NEVER DO THIS! You would need to provide the ClientSecret.\n //You would need to do it e.g via a PHP-Script.\n Token token = auth.ExchangeAuthCode(response.Code, \nXXXXXXXXXXX\n);\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n\n //With the token object, you can now make API calls\n}\n\n\n\n\nClientCredentialsAuth\n\n\nThis way is \nnot recommended\n and requires server-side code to run securely.\n\nWith this approach, you make a POST Request with a base64 encoded string (consists of ClientId + ClientSecret). You will directly get the token (Without a local HTTP Server), but it will expire and can't be refreshed.\n\nIf you want to use it securely, you would need to do it all server-side.\n\n\nNOTE:\n You will only be able to query non-user-related information e.g search for a Track.\n\n\nMore info: \nhere\n\n\nstatic ClientCredentialsAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ClientCredentialsAuth()\n {\n //Your client Id\n ClientId = \nXXXXXXXXXXXXXXX\n,\n //Your client secret UNSECURE!!\n ClientSecret = \nXXXXXXXXXXXX\n,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //With this token object, we now can make calls\n Token token = auth.DoAuth();\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken,\n UseAuth = false\n };\n}\n\n\n\n\nScopes",
"title": "Authentication"
},
{
@@ -142,7 +142,7 @@
},
{
"location": "/SpotifyWebAPI/auth/#implicitgrantauth",
- "text": "This way is recommended and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application.\nYou won't be able to refresh the token. If you want to use the internal Http server, please add \"http://localhost\" to your application redirects. More info: here For this kind of authentication, there is also a WebAPIFactory , it's easier to use and uses an async method: static async void Main(string[] args)\n{\n WebAPIFactory webApiFactory = new WebAPIFactory(\n http://localhost ,\n 8000,\n XXXXXXXXXXXXXXXX ,\n Scope.UserReadPrivate,\n TimeSpan.FromSeconds(20)\n );\n\n try\n {\n //This will open the user's browser and returns once\n //the user is authorized.\n _spotify = await webApiFactory.GetWebApi();\n }\n catch (Exception ex)\n {\n MessageBox.Show(ex.Message);\n }\n\n if (_spotify == null)\n return;\n} The old way: static ImplicitGrantAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ImplicitGrantAuth()\n {\n //Your client Id\n ClientId = XXXXXXXXXXXXXXXX ,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = http://localhost ,\n //How many permissions we need?\n Scope = Scope.USER_READ_PRIVATE,\n };\n //Start the internal http server\n auth.StartHttpServer();\n //When we got our response\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //Start\n auth.DoAuth();\n}\n\nstatic void auth_OnResponseReceivedEvent(Token token, string state, string error)\n{\n //stop the http server\n auth.StopHttpServer();\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n //We can now make calls with the token object\n}",
+ "text": "This way is recommended and the only auth-process, which does not need a server-side exchange of keys. With this approach, you directly get a Token object after the user authed your application.\nYou won't be able to refresh the token. If you want to use the internal Http server, please add \"http://localhost\" to your application redirects. More info: here For this kind of authentication, there is also a WebAPIFactory , it's easier to use and uses an async method: static async void Main(string[] args)\n{\n WebAPIFactory webApiFactory = new WebAPIFactory(\n http://localhost ,\n 8000,\n XXXXXXXXXXXXXXXX ,\n Scope.UserReadPrivate,\n TimeSpan.FromSeconds(20)\n );\n\n try\n {\n //This will open the user's browser and returns once\n //the user is authorized.\n _spotify = await webApiFactory.GetWebApi();\n }\n catch (Exception ex)\n {\n MessageBox.Show(ex.Message);\n }\n\n if (_spotify == null)\n return;\n} The old way: static ImplicitGrantAuth auth;\nstatic void Main(string[] args)\n{\n //Create the auth object\n auth = new ImplicitGrantAuth()\n {\n //Your client Id\n ClientId = XXXXXXXXXXXXXXXX ,\n //Set this to localhost if you want to use the built-in HTTP Server\n RedirectUri = http://localhost ,\n //How many permissions we need?\n Scope = Scope.UserReadPrivate,\n };\n //Start the internal http server\n auth.StartHttpServer();\n //When we got our response\n auth.OnResponseReceivedEvent += auth_OnResponseReceivedEvent;\n //Start\n auth.DoAuth();\n}\n\nstatic void auth_OnResponseReceivedEvent(Token token, string state, string error)\n{\n //stop the http server\n auth.StopHttpServer();\n\n var spotify = new SpotifyWebApiClass()\n {\n TokenType = token.TokenType,\n AccessToken = token.AccessToken\n };\n //We can now make calls with the token object\n}",
"title": "ImplicitGrantAuth"
},
{