Access tokens issued from the Spotify account service have a lifetime of one hour. If a longer session is desired, the Spotify account service supports the OAuth Code grant flow. The iOS-SDK provides helper functionality to simplify the use of the Code grant flow.
By setting tokenSwapURL and tokenRefreshURL, it is possible for the iOS-SDK to request a new access token with a refresh token whenever needed. The iOS-SDK demo project has a Ruby example of the needed back-end services. The example is not recommended for production use.
This page describes the requests made by the iOS-SDK and the expected responses.
tokenSwapURL
Swaps a code for an access token and a refresh token.
| Header | Value |
| --- | --- |
| Content-Type | application/x-www-form-urlencoded |
Request Body
| Parameter | Description |
| --- | --- |
| code | The code returned from Spotify account service to be used in the token request. |
Request Example
curl -X POST "https://example.com/v1/swap" -H "Content-Type: application/x-www-form-urlencoded" --data "code=AQDy8...xMhKNA"
| Header | Value |
| --- | --- |
| Content-Type | application/json |
Expected Response Body Parameters
Parameters must be JSON encoded.
| Parameter | Description |
| --- | --- |
| access_token | Access token received from Spotify account service. |
| expires_in | The time period (in seconds) for which the access token is valid. Returned from the Spotify account service. |
| refresh_token | The refresh token returned from the Spotify account service. The endpoint should not return the actual refresh token but a reference to the token or an encrypted version of the token. An encryption solution is shown in the Ruby example. |
Response Example
{
"access_token" : "NgAagA...Um_SHo",
"expires_in" : "3600",
"refresh_token" : "NgCXRK...MzYjw"
}
tokenRefreshURL
Uses the refresh token to get a new access token.
| Header | Value |
| --- | --- |
| Content-Type | application/x-www-form-urlencoded |
Request Body
| Parameter | Description |
| --- | --- |
| refresh_token | The refresh_token value previously returned from the token swap endpoint. |
Request Example
curl -X POST "https://example.com/v1/refresh" -H "Content-Type: application/x-www-form-urlencoded" --data "refresh_token=NgCXRK...MzYjw"
| Header | Value |
| --- | --- |
| Content-Type | application/json |
Expected Response Body Parameters
| Parameter | Description |
| --- | --- |
| access_token | Access token received from Spotify account service. |
| expires_in | The time period (in seconds) for which the access token is valid. Returned from the Spotify account service. |
Response Example
{
"access_token" : "NgAagA...Um_SHo",
"expires_in" : "3600"
}
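
The refresh_token handling described above (the swap endpoint returns an encrypted version, and the refresh endpoint recovers the real token from it) can be sketched as follows. This is an added example, not the demo project's Ruby code: the use of AES-256-GCM, the function names, the key and the sample upstream reply are all assumptions constructed for illustration.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed 32-byte demo key; a real service loads its key from a secret store.
DEMO_KEY = OpenSSL::Digest::SHA256.digest("constructed-demo-key")
# Constructed stand-in for the account service's reply to the code exchange.
SAMPLE_UPSTREAM = '{"access_token":"constructed-access-token","token_type":"Bearer",' \
                  '"expires_in":3600,"refresh_token":"constructed-refresh-token"}'

# Swap side: encrypt the real refresh token so the app only holds an opaque blob.
def seal_refresh_token(token, key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv # fresh 12-byte nonce for every token
  ciphertext = cipher.update(token) + cipher.final
  Base64.urlsafe_encode64(iv + cipher.auth_tag + ciphertext)
end

# Refresh side: recover the real token; nil for malformed or tampered input.
def open_refresh_token(blob, key)
  raw = Base64.urlsafe_decode64(blob)
  return nil if raw.bytesize < 29 # 12-byte IV + 16-byte tag + data
  decipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  decipher.key = key
  decipher.iv = raw.byteslice(0, 12)
  decipher.auth_tag = raw.byteslice(12, 16)
  plain = decipher.update(raw.byteslice(28, raw.bytesize - 28)) + decipher.final
  plain.force_encoding(Encoding::UTF_8)
rescue ArgumentError, OpenSSL::Cipher::CipherError
  nil
end

# Build the swap response body: only the three documented fields, token sealed.
def swap_response(upstream_json, key)
  body = JSON.parse(upstream_json)
  body["refresh_token"] = seal_refresh_token(body.fetch("refresh_token"), key)
  JSON.generate(body.slice("access_token", "expires_in", "refresh_token"))
end
```

The refresh endpoint should treat a nil result from open_refresh_token as an invalid request and not call the account service with it.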