spotify-web-api-node icon indicating copy to clipboard operation
spotify-web-api-node copied to clipboard

Published 20 hours ago verified publisher icon thelinmichael

PKCE Auth Flow

Open mochimisu opened this issue 4 years ago • 3 comments

Hi! I'm using your library for a personal for-fun project. I'm not that experienced in web programming, much less nodejs.

I noticed that there is a 4th authorization flow on Spotify's docs: https://developer.spotify.com/documentation/general/guides/authorization-guide/#authorization-code-flow-with-proof-key-for-code-exchange-pkce "Authorization Code Flow with Proof Key for Code Exchange (PKCE)". This auth flow does not require using a client secret, which appeals to me since my project is a purely client-side app.

I did a quick modification of your library to use this authentication method, and to default to it when a client secret is not provided.

Since I'm a bit inexperienced here, this is mostly just a request for you to consider this feature, with an implementation that works for my application.

Cheers.

mochimisu avatar Apr 16 '21 09:04 mochimisu

Coverage Status

Coverage increased (+0.1%) to 98.0% when pulling f397e9452b16d3ed6dff9d026cf912baa6d6e044 on mochimisu:master into be15f1c742b35134ce5bd35521d8bf1ab1ba67cf on thelinmichael:master.

coveralls avatar Apr 16 '21 09:04 coveralls

+1 for this! Could we merge?

polvoazul avatar Aug 28 '22 18:08 polvoazul

+1 Could this be merged if working? As far as I can tell there is no way to currently use this library completely client side without exposing the client secret, as the implicit grant flow seems to be broken and no support for PKCE.

Talal916 avatar Nov 03 '22 17:11 Talal916