Need help tracking down a specific website (to identify Spotify account)

I stumbled across a website a while back where it showed the privacy repercussions of logging in to Spotify using the web version. I believe it used JavaScript but I can't be too sure. Anyway, this unrelated website was able to display my Spotify username despite me not authorizing anything. If I remember correctly, it also had slots for other services that I didn't use so it couldn't show my username there.

But what I'm interested in learning about is how it managed to get my Spotify username. Not because I plan to use the method but out of curiosity with how the whole thing works. When I found out about that page/site a while back, it spooked me enough that I started using a different browser profile specifically for Spotify going forward because of it, but I never got around to digging deeper into how it actually did what it did.

Cookies save an access token for your Spotify account after a successful Spotify login.

Next time, if you open your browser and go to

https://open.spotify.com/

It's JavaScript that accesses your PC's cookies, calls this API with the cookie's access token, and gets your information.

Then it displays your user name in the web page.

https://api.spotify.com/v1/me

If I copy the access token and API URL from my Chrome browser and then access it with Postman,

I can get my user name.

Each browser has its own location to save cookies; if you have never logged in before in another browser, it will not pick up your information.

I have not logged in before with Firefox. This is the login screen.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.