Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Missing scope in token responses

See original GitHub issue

I can’t seem to request a client token and this is the error message. Is that due to some API changes cause it did work previously.

cred = tk.Credentials(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET,
    redirect_uri=REDIRECT_URI,
)
cred.request_client_token()

---------------------------------------------------------------------------
KeyError                                  Traceback (most recent call last)
<ipython-input-7-16b2a7dae391> in <module>
----> 1 cred.request_client_token()

~/.pyenv/versions/3.7.5/envs/spolarfy/lib/python3.7/site-packages/tekore/_sender/client.py in wrapper(self, *args, **kwargs)
     77 
     78             response = self.send(request)
---> 79             return post_func(request, response, *params)
     80         return wrapper
     81     return decorator

~/.pyenv/versions/3.7.5/envs/spolarfy/lib/python3.7/site-packages/tekore/_auth/expiring/decor.py in func(request, response)
     28         """Parse token object from response."""
     29         handle_errors(request, response)
---> 30         return Token(response.content, uses_pkce)
     31     return func
     32 

~/.pyenv/versions/3.7.5/envs/spolarfy/lib/python3.7/site-packages/tekore/_auth/expiring/token.py in __init__(self, token_info, uses_pkce)
     37         self._token_type = token_info['token_type']
     38 
---> 39         self._scope = Scope(*token_info['scope'].split(' '))
     40         if str(self._scope) == '':
     41             self._scope = Scope()

KeyError: 'scope'

Issue Analytics

State:
Created 3 years ago
Reactions:1
Comments:5 (3 by maintainers)

Top GitHub Comments

3reactions

felix-hildencommented, Mar 7, 2021

Much appreciated @TrustyJAID!

Reading the Authorisation Guide of Spotify, I see no mention of scopes in the client creds flow, though I can’t remember whether or not it has been there. The fix would be simple, but there is one complication. It seems that user authorisation without any scopes results in the scope missing from the response as well. So we can’t take this to mean “the scope of an app token has been removed because it means nothing”. Rather it could mean that “empty scopes are not returned”.

I think here’s what we’ll do:

Open up an issue on the Spotify forums asking about this (link)
In the meantime allow missing scopes in the response, but parse them as before, to empty Scope objects
Release the fix as a temporary solution
Monitor the issue and possibly change the behavior to fit the true intention of Spotify. Meaning that if they are always missing, leave app scope missing but parse user scope to empty, and so on.

1reaction

TrustyJAIDcommented, Mar 7, 2021

Hello, I did some light digging into this issue. It appears that user authorization is not affected by this only accessing the spotify API via the owners API tokens. The refresh token does not return the scope in the payload. I don’t know how much that is necessary but checking if the scope is present in the payload before fixed the error for myself. Although the only time I was using the owners credentials was accessing available genres. This is what I changed:

# in _auth/expiring/token.py
def __init__(self, token_info: dict, uses_pkce: bool):
        self._access_token = token_info['access_token']
        self._token_type = token_info['token_type']
        
        self._scope = Scope(*token_info.get('scope', '').split(' '))
        if str(self._scope) == '':
            self._scope = Scope()