Product
Introducing SSO
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Readme
Another wrapper for the Spotify Web API, built on top of requests
and
requests_oauthlib
.
I wrote this package as a kind of "code generation experiment": the code (and doc) of
Spotify
class was almost entirely generated using a script that scrapes the
official Spotify Web API documentation.
For scripts and desktop apps, this package (optionally) includes a flask server (meant to be run locally) to handle user authorization without requiring the user to manually copy and paste the OAuth2 callback URL (containing the token) from the browser to your app.
.. contents::
If you don't need the authorization flask app::
pip install spotipie
otherwise::
pip install spotipie[auth-app]
Obtain your credentials as described
here <https://developer.spotify.com/documentation/web-api/quick-start/>
__.
(Optional) Store your credentials and redirection URI as environment variables:
SPOTIPIE_CLIENT_ID
SPOTIPIE_CLIENT_SECRET
SPOTIPIE_REDIRECT_URI
;you could also use another prefix, SPOTIPIE
is just the default one.
To use the spotipie.Spotify
client you first need to create an HTTP session
and authenticate it. The Spotify
constructor takes whatever behaves like
a requests.Session
.
spotipie
provides one session class for each of the three OAuth2
authorization flows supported by the Spotify API (see
Authorization Flows <https://developer.spotify.com/documentation/general/guides/authorization-guide/>
_);
these classes are built on top of requests_oauthlib.OAuth2Session
(by composition, not inheritance):
ClientCredentialsSession
AuthorizationCodeSession
ImplicitGrantSession
To see how to create a session, see the Examples
_.
Once you have an authenticated session, you can wrap it with the client and you're ready to make any API call you want::
spotify = Spotify(session) results = spotify.search('symphony', obj_type='playlist')
See the API of the client here <https://spotipie.readthedocs.io/en/latest/api/spotipie.html#spotipie.Spotify>
__.
A backend web application should use:
For scripts and desktop application... it's more complicated. The recommended flow in this case is "Authorization code with PKCE" but it's not supported by Spotify at the time I'm writing this.
It's not recommended to distribute your code with your API secret key in it, so both the client credentials flow and the authorization code flow should not be used, unless you ask your users to use their own API keys; this can be acceptable if your target users are other developers.
The implicit grant flow was designed for apps that run in the browser but has been used for "native apps" too since it doesn't need the client secret key; unfortunately, for native apps, it's neither very safe nor convenient from a user perspective since the authorization is not refreshable.
All the examples assume your API credentials and redirect URI are stored as environment variables.
Client credentials flow <https://github.com/janLuke/spotipie/blob/master/docs/examples/client_credentials.py>
_Authorization code flow for scripts / desktop apps <https://github.com/janLuke/spotipie/blob/master/docs/examples/desktop_app_authorization_code.py>
_Implicit grant flow for scripts / desktop apps <https://github.com/janLuke/spotipie/blob/master/docs/examples/desktop_app_implicit_grant.py>
_Flask web app (authorization code flow) <https://github.com/janLuke/spotipie/blob/master/docs/examples/flask_authorization_code.py>
_https://spotipie.readthedocs.io/en/latest/api/spotipie.html
FAQs
Another client for the Spotify Web API
We found that spotipie demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.