在后端使用 PHP 和 curl 为 Spotify 进行中央 OAuth2.0 授权 WebA ZDB9742CE18718Z
[英]Central OAuth2.0 Authorization on the Backend-Side using PHP and curl for Spotify Web API
问题描述
I am creating an application which aims at automatically creating Spotify Playlists in a central Spotify account (not the account of the end users).
我正在创建一个旨在在中央 Spotify 帐户(而不是最终用户的帐户)中自动创建 Spotify 播放列表的应用程序。 I have set up this account and created the developer app for the secret and the client_id.我已经设置了这个帐户并为密钥和 client_id 创建了开发者应用程序。
On the backend side, I am using PHP to authorize this central user, and it is working as long as I am logged in myself with that account.在后端,我使用 PHP 来授权这个中央用户,只要我用那个帐户登录,它就可以工作。
Users that visit my website should be able to create playlists via that interface through the Spotify Web API without the need to authorize their account nor being logged in at all.访问我的网站的用户应该能够通过 Spotify Web API 通过该界面创建播放列表,而无需授权他们的帐户,也无需登录。
If I'm trying to open the same page on a separate device (without having any account logged in), it just gives me the following error:如果我试图在单独的设备上打开同一页面(没有任何帐户登录),它只会给我以下错误:
User not registered in the Developer Dashboard
Is it somehow possible to perform this authorization process only on the backend side without the need for the user to authorize it?是否可以仅在后端执行此授权过程而无需用户授权?
Eventually, I want to send the playlist URL created in the central Spotify Account to the user who can open it in their own app or share with others, if they want to.最后,我想将在中央 Spotify 帐户中创建的播放列表 URL 发送给可以在自己的应用程序中打开或与他人共享的用户,如果他们愿意的话。
I try to avoid that multiple users must authorize for my app, since I don't need to access personal information from their account, anyways.我尽量避免多个用户必须为我的应用程序授权,因为无论如何我不需要从他们的帐户访问个人信息。
I used the 3-step process for authorization as described in this Stackoverflow Post: Spotify oauth2 with PHP curl.我使用了这个 Stackoverflow 帖子中描述的 3 步授权过程: Spotify oauth2 with PHP curl。 How to get authorization code? 如何获取授权码?
If necessary, I will provide more information.如有必要,我将提供更多信息。
Do you have any idea, how I can implement this authorization process for the single account on the backend side, without the user even showing any authorization process of the Spotify Web API at all?您有什么想法吗,我如何在后端为单个帐户实施此授权过程,而用户甚至根本不显示 Spotify Web API 的任何授权过程?
EDIT1: I am not trying to login on the behalf of my users, just automatically for my own account without the interactive login with Spotify. EDIT1:我没有尝试代表我的用户登录,只是自动为我自己的帐户登录,而无需使用 Spotify 进行交互式登录。 Is that even possible?这甚至可能吗?
1 个解决方案
解决方案1
0 2022-08-16 11:01:28
I received valuable feedback from the Spotify Developer Community that helped me finding a solution to the problem.我收到了来自 Spotify 开发者社区的宝贵反馈,这些反馈帮助我找到了问题的解决方案。
When you let the central Spotify account login to your app, you'll [get] an access_token (that will expire in 1 hour) and a refresh_token .当您让中央 Spotify 帐户登录到您的应用程序时,您将 [get] 一个 access_token (将在 1 小时内到期)和一个refresh_token 。
When the access_token of that account expires, let your server send a POST request to the Accounts service /api/token endpoint, but use the refresh_token in place of the access_token.当该帐户的 access_token 过期时,让您的服务器向 Accounts 服务/api/token端点发送 POST 请求,但使用 refresh_token 代替 access_token。
A new access_token will be returned.
A new refresh_token might be returned too.也可能返回一个新的 refresh_token。 (I don't think that's even needed) (我认为甚至不需要)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.