
I am trying to integrate the Spotify Authorization flow (to gain access and refresh tokens) into my Django app. For this I have set up two Django endpoints: one for Spotify login and another for the Spotify callback.

  • The login endpoint redirects to the Spotify authorization endpoint, which requires the user to log in to their Spotify account and grant permissions.

  • This is followed by the Spotify API redirecting to the callback view in my Django app. Along with redirecting, the API sends a GET variable that is further utilised by the callback view to gain access and refresh tokens.

I need to store these tokens for each user of my website, and for that I need to gain access to the user id. However, the request.session variable always comes in empty in the callback view. Suggestions for gaining access to the request.session variable?

  • There's a difference between a callback view and a redirect view in these kinds of APIs. Are you sure your callback view is called by the browser of the user and isn't an API callback by Spotify directly? And you're not explaining how you're setting the session variable that you're trying to access in the first place. – dirkgroten Feb 24 '20 at 15:49
  • The callback view is called by the Spotify API directly. Basically, we have to provide a redirect link to the API in the first step. Sorry, precisely I am trying to simply access request.user.id or request.session["_auth_user_id"]. I am assuming both return the same value. – sugarisbad Feb 24 '20 at 16:17
  • Well then there isn't a session, since it's not called by the browser. The `request` object will have an `AnonymousUser` and no session. The API call by Spotify should contain some unique identifier that allows you to map it to the previous request (either in `request.GET` or `request.POST` depending on whether it's a GET or a POST) – dirkgroten Feb 24 '20 at 16:18
  • Why won't the request object contain the information of the currently logged-in user? According to the docs, the request object is prepared by Django based on the HTTP request made, and then the request object is passed to the associated view function. – sugarisbad Feb 25 '20 at 15:20
  • But this particular request is not made by the user. It’s made by Spotify’s server. – dirkgroten Feb 25 '20 at 15:46
  • Would I still not be able to access the request variable (in another view) if I redirect to another URL from within the view that's executed upon Spotify's API callback? – sugarisbad Feb 25 '20 at 16:03
  • But your response goes back to Spotify. Not to the user. If it’s a direct callback from Spotify. So redirecting doesn’t do anything to change this. Only in requests you get from the user can you get the user’s session. – dirkgroten Feb 25 '20 at 16:29
  • Again I think you should draw out the entire flow as a sequence diagram. Making clear which entity makes a call to which entity (and naming your views in the diagram). It’s confusing now and I don’t know for sure whether or not we are talking about a view called by Spotify or by your user. – dirkgroten Feb 25 '20 at 16:31
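
The comments above suggest mapping the callback to the earlier request through an identifier carried in `request.GET`. The following is an added example, not code from the thread: Spotify's authorization endpoint accepts a `state` parameter and returns it unchanged to the redirect URI, so the login view can send a signed, expiring token naming the user and the callback view can verify it. The helper names, the demo key and the 10-minute lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

STATE_MAX_AGE = 600  # seconds; assumed lifetime for a pending login


def make_state(user_id, key, now=None):
    """Build the `state` value the login view adds to the authorize URL."""
    payload = {
        "uid": user_id,
        "nonce": secrets.token_urlsafe(16),  # makes every state unique
        "iat": int(now if now is not None else time.time()),
    }
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_state(state, key, now=None, max_age=STATE_MAX_AGE):
    """Return the user id bound to `state`, or None if forged or expired."""
    try:
        body, tag = state.split(".")
    except (AttributeError, ValueError):
        return None  # missing or malformed parameter
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Check the MAC in constant time before parsing anything in the body.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body))
    age = int(now if now is not None else time.time()) - payload["iat"]
    if age < 0 or age > max_age:
        return None
    return payload["uid"]


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; use a real secret in practice
    state = make_state(42, key)      # login view: append as &state=<state>
    print(verify_state(state, key))  # callback view: request.GET.get("state")
```

The nonce makes each value unique but does not by itself stop a captured value from being replayed within its lifetime; recording issued nonces server-side and deleting each on first use closes that gap.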

0 Answers