A Node server capable of swapping and refreshing tokens provided by the Spotify API.
I took this straight from here to be used with this app.
Structured as a Firebase Functions project.
- Install dependencies using:
npm install
- Create a .env file in the root of this directory with the following entries acquired from Spotify Developer Dashboard:
⚠️ Don't commit the .env file to your repo ⚠️
SPOTIFY_CLIENT_ID="client_id_from_spotify_dashboard"
SPOTIFY_CLIENT_SECRET="client_secret_from_spotify_dashboard"
SPOTIFY_CLIENT_CALLBACK="callback_registered_in_spotify_dashboard"
ENCRYPTION_SECRET="THISWILLBEABIGSECRET"
ENCRYPTION_METHOD="aes-256-ctr"
- Run server using:
npm run start
- In the Spotify for Bike app, set tokenSwapURL to http://<SERVER_URL>/swap and tokenRefreshURL to http://<SERVER_URL>/refresh, replacing <SERVER_URL> with your server URL.
Spotify's authentication flow is based on OAuth 2.0. Part of that flow uses a client secret (a secret for your Spotify App that you can get on the Developer Dashboard) to refresh auth tokens. The problem is that this secret has to be provided by whoever asks for the token refresh, and secrets are never safe on clients. So it is safer to offload that to a server: the client just talks to an endpoint on that server when it wants new tokens obtained on its behalf.
Learn more about secrets here, and some new methods (that we don't use) to make them safer here.
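The split described above, as an added example that is not this project's own code: the app posts only an authorization code or refresh token, and the server attaches the client secret when it builds the request to Spotify's token endpoint. The function names `loadConfig` and `buildTokenRequest` are hypothetical; the endpoint URL, Basic authorization header and form fields follow Spotify's documented Authorization Code flow.

```javascript
// Added example: build (but do not send) the requests a swap/refresh server
// makes to Spotify. Function names here are hypothetical.
const TOKEN_URL = "https://accounts.spotify.com/api/token";

// Read the entries named in the .env file; fail closed if any is missing.
function loadConfig(env = process.env) {
  const cfg = {
    clientId: env.SPOTIFY_CLIENT_ID,
    clientSecret: env.SPOTIFY_CLIENT_SECRET,
    callback: env.SPOTIFY_CLIENT_CALLBACK,
  };
  for (const [key, value] of Object.entries(cfg)) {
    if (!value) throw new Error(`missing config: ${key}`);
  }
  return cfg;
}

// kind "swap":    value is the authorization code posted by the app.
// kind "refresh": value is the refresh token posted by the app.
function buildTokenRequest(kind, value, cfg) {
  if (typeof value !== "string" || value.length === 0) {
    throw new Error(`${kind}: empty value from client`);
  }
  const form = new URLSearchParams();
  if (kind === "swap") {
    form.set("grant_type", "authorization_code");
    form.set("code", value);
    form.set("redirect_uri", cfg.callback);
  } else if (kind === "refresh") {
    form.set("grant_type", "refresh_token");
    form.set("refresh_token", value);
  } else {
    throw new Error(`unknown kind: ${kind}`);
  }
  // The secret appears only here, in a header sent from server to Spotify.
  const basic = Buffer.from(`${cfg.clientId}:${cfg.clientSecret}`).toString("base64");
  return {
    url: TOKEN_URL,
    method: "POST",
    headers: {
      Authorization: `Basic ${basic}`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: form.toString(),
  };
}
```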