Skip to content

Advanced User Authentication

In order for the iOS SDK to control the Spotify app, they will need to authorize your app. The functionality to do this is built in and can be implemented directly inside of your AppDelegate.swift:

Implement Session Delegate

In order to handle auth, we need to add a SPTSessionManagerDelegate inside of your AppDelegate.swift:


_10
class AppDelegate: UIResponder, UIApplicationDelegate, SPTSessionManagerDelegate {
_10
...

This will require us to implement the following three methods:


_10
func sessionManager(manager: SPTSessionManager, didInitiate session: SPTSession) {
_10
print("success", session)
_10
}
_10
func sessionManager(manager: SPTSessionManager, didFailWith error: Error) {
_10
print("fail", error)
_10
}
_10
func sessionManager(manager: SPTSessionManager, didRenew session: SPTSession) {
_10
print("renewed", session)
_10
}

Instantiate SPTConfiguration

At a class-level, we can define our Client ID, Redirect URI and instantiate the SDK:


_10
let SpotifyClientID = "[your spotify client id here]"
_10
let SpotifyRedirectURL = URL(string: "spotify-ios-quick-start://spotify-login-callback")!
_10
_10
lazy var configuration = SPTConfiguration(
_10
clientID: SpotifyClientID,
_10
redirectURL: SpotifyRedirectURL
_10
)

Setup Token Swap

The authentication process provides a refresh_token, which can be stored locally inside your app. This can be used, along with your Client ID, Client Secret and Redirect URL, to obtain an access_token that is valid for 60 minutes.

However, as we strongly discourage the use of Client Secrets in your iOS app code, we have written two well-documented web server examples that can do this for you:

Once you have set them up, and have the tokenSwapURL and tokenRefreshURL we can set this up in our AppDelegate.swift in a class-level closure:


_10
lazy var sessionManager: SPTSessionManager = {
_10
if let tokenSwapURL = URL(string: "https://[my token swap app domain]/api/token"),
_10
let tokenRefreshURL = URL(string: "https://[my token swap app domain]/api/refresh_token") {
_10
self.configuration.tokenSwapURL = tokenSwapURL
_10
self.configuration.tokenRefreshURL = tokenRefreshURL
_10
self.configuration.playURI = ""
_10
}
_10
let manager = SPTSessionManager(configuration: self.configuration, delegate: self)
_10
return manager
_10
}()

Configure Initial Music

iOS requires us to define a playURI (as shown in the last step) in order to play music to wake up the Spotify main application. This is an iOS-specific requirement. There's two values self.configuration.playURI accepts:

An empty value: If empty, it will resume playback of user's last track. Example:


_10
self.configuration.playURI = ""

A valid Spotify URI: Otherwise, provide a Spotify URI. Example:


_10
self.configuration.playURI = "spotify:track:20I6sIOMTCkB6w7ryavxtO"

Invoke Auth Modal

With SPTConfiguration and SPTSessionManager both configured, we can invoke the authorization screen. Notice the optional campaign parameter, which can be set for attribution purposes to help indicate where the account linking was initiated from:


_10
let requestedScopes: SPTScope = [.appRemoteControl]
_10
self.sessionManager.initiateSession(with: requestedScopes, options: .default, campaign: "utm-campaign")

Configure Auth Callback

Once a user successfully returns to your application, we'll need to notify sessionManager about it by implementing the following method:


_10
func application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any] = [:]) -> Bool {
_10
self.sessionManager.application(app, open: url, options: options)
_10
return true
_10
}

Now, when a user authorizes, they should return to your application with the sessionManager(manager: SPTSessionManager, didInitiate session: SPTSession) method being successfully invoked.