Spotify API {'error': 'invalid_client'} Authorization Code Flow [400]

Asked 1/12, 2018 at 4:50 Answered 8/1 at 19:48

This is one of my many attempts at making a POST request to https://accounts.spotify.com/api/token.

Scope was set to 'playlist-modify-public, playlist-modify-private'.

I'm using Python 3.7, Django 2.1.3.

No matter what I do, response_data returns {'error': 'invalid_client'}

I've tried many things, including passing the client_id/client_secret inside the body of the request as per the official Spotify documentation for this particular request... to no avail.

Please help!

def callback(request):

    auth_token = request.GET.get('code')     # from the URL after user has clicked accept
    code_payload = {
        'grant_type': 'authorization_code',
        'code': str(auth_token),
        'redirect_uri': REDIRECT_URI,
    }

    auth_str = '{}:{}'.format(CLIENT_ID, CLIENT_SECRET)
    b64_auth_str = base64.b64encode(auth_str.encode()).decode()

    headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Authorization': 'Basic {}'.format(b64_auth_str)
    }

    post_request = requests.post(SPOTIFY_TOKEN_URL, data=code_payload, headers=headers)

    response_data = json.loads(post_request.text)
        # ==> {'error': 'invalid_client'}

Alduino answered 1/12, 2018 at 4:50 Comment(3)

Hello. Did you figure out how to solve? – Sapwood 18/2, 2020 at 12:22

Hey @MatteusBarbosa, I actually realized I had reset my Spotify client_secret on the Spotify Dashboard and completely forgot to modify my code accordingly... Felt real smart :| – Alduino 20/2, 2020 at 2:2

thanks for your response – Sapwood 3/3, 2020 at 18:23

From the documentation

An alternative way to send the client id and secret is as request parameters (client_id and client_secret) in the POST body, instead of sending them base64-encoded in the header.

    SPOTIFY_TOKEN = "https://accounts.spotify.com/api/token"
    request_body = {
        "grant_type": GRANT_TYPE,
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": SPOTIFY_CLIENT_ID,
        "client_secret": SPOTIFY_CLIENT_SECRET,
    }
    r = requests.post(url=SPOTIFY_TOKEN, data=request_body)
    resp = r.json()

This works as well.

Douai answered 19/5, 2021 at 18:27 Comment(2)

This should be the accepted answer - the current accepted answer has exactly the same issue. – Curculio 29/12, 2021 at 21:57

This worked for me! Thank you so much. I was using some parameters from the JavaScript example on the Spotify Developers site, and needed to omit them. – Henley 10/8, 2022 at 23:0

I suspect the issue is with invalid characters in your Authorization header. Try using urlsafe_b64encode instead of b64encode to prepare that header value:

b64_auth_str = base64.urlsafe_b64encode(auth_str.encode()).decode()

Homozygote answered 1/12, 2018 at 5:5 Comment(1)

I had the same error using: hash = (client_id + ":" + client_secret).toString('base64'); So i encode it on this site : base64encode.org and it work – Tricostate 2/11, 2021 at 20:43

Here is another problem mentioned. If the error is

INVALID_CLIENT: Invalid redirect URI

then you need to register your URI. Quote from the source - to have everything at one place:

Simply log in, find your app and click "Edit Settings" in the top right section. Under redirect URIs you add REDIRECT_URI and remember to click save in the bottom. This should resolve your issue.

Gilles answered 4/1, 2022 at 22:40 Comment(0)

One thing you can do is generate a new client secret via the spotify API dashboard. I ran into this error not too long ago and this resolved my issue.

Don't forget to reflect this changed client secret everywhere it is referenced in your code.

Domingo answered 8/1 at 19:48 Comment(0)

Recommended topics

Hot tags