400 error on login.

It seems like a dead end with the current way to obtain an access_token since it would require bypassing Google Recaptcha.

I’ve hacked together a potential workaround. Instead of using username and password to obtain a token, I instead use two cookies that are set just after logging in called sp_dc and sp_key. It does require a manual step to obtain these cookies and they are valid for 1 year. Spotify use them to refresh the access token when it expires after 1 hour.

You can checkout how to obtain the access token with the cookies here. https://github.com/petergp/spotify-webplayer-token/blob/master/spotify_token.py

I’ll be testing this the next couple of days. You can find a working fork here: https://github.com/petergp/spotcast/

To obtain the cookies manually: • Open https://accounts.spotify.com/en/login • Open network developer tools in your browser (might require developer menu to be enabled) • Login to Spotify and select Web Player • Search/Filter for get_access_token on the network list in Developer tools • Under cookies for the request find sp_dc and sp_key.

Add these to your configuration.yaml

spotcast:
  sp_dc: <sp_dc goes here>
  sp_key: <sp_key goes here> 

How long do the web tokens last?
Could one use manual steps to generate a token via a browser login and then store that rather?