Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
github.com/dechristopher/spotify
This is a Go wrapper for working with Spotify's Web API.
It aims to support every task listed in the Web API Endpoint Reference, located here.
By using this library you agree to Spotify's Developer Terms of Use.
To install the library, simply
go get github.com/zmb3/spotify
Spotify uses OAuth2 for authentication and authorization.
As of May 29, 2017 all Web API endpoints require an access token.
You can authenticate using a client credentials flow, but this does not provide
any authorization to access a user's private data. For most use cases, you'll
want to use the authorization code flow. This package includes an Authenticator
type to handle the details for you.
Start by registering your application at the following page:
https://developer.spotify.com/my-applications/.
You'll get a client ID and secret key for your application. An easy way to provide this data to your application is to set the SPOTIFY_ID and SPOTIFY_SECRET environment variables. If you choose not to use environment variables, you can provide this data manually.
// the redirect URL must be an exact match of a URL you've registered for your application
// scopes determine which permissions the user is prompted to authorize
auth := spotify.NewAuthenticator(redirectURL, spotify.ScopeUserReadPrivate)
// if you didn't store your ID and secret key in the specified environment variables,
// you can set them manually here
auth.SetAuthInfo(clientID, secretKey)
// get the user to this URL - how you do that is up to you
// you should specify a unique state string to identify the session
url := auth.AuthURL(state)
// the user will eventually be redirected back to your redirect URL
// typically you'll have a handler set up like the following:
func redirectHandler(w http.ResponseWriter, r *http.Request) {
// use the same state string here that you used to generate the URL
token, err := auth.Token(state, r)
if err != nil {
http.Error(w, "Couldn't get token", http.StatusNotFound)
return
}
// create a client using the specified token
client := auth.NewClient(token)
// the client can now be used to make authenticated requests
}
You may find the following resources useful:
Spotify's Web API Authorization Guide: https://developer.spotify.com/web-api/authorization-guide/
Go's OAuth2 package: https://godoc.org/golang.org/x/oauth2/google
Many of the functions in this package come in two forms - a simple version that
omits optional parameters and uses reasonable defaults, and a more sophisticated
version that accepts additional parameters. The latter is suffixed with Opt
to indicate that it accepts some optional parameters.
The API will throttle your requests if you are sending them too rapidly.
The client can be configured to wait and re-attempt the request.
To enable this, set the AutoRetry
field on the Client
struct to true
.
For more information, see Spotify rate-limits.
Examples of the API can be found in the examples directory.
You may find tools such as Spotify's Web API Console or Rapid API valuable for experimenting with the API.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.