Can't authorize via Spotify

Trying to authorize my app to use my Spotify account, but I keep getting this for /login:

Refused to frame 'https://accounts.spotify.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://*.glitch.me https://*.glitch.dev https://*.glitch.app https://*.glitch.staging.me https://*.glitch.development https://*.testing.staging.glitch.com http://*.glitch.localprojecthost:3031 https://*.glitch.dev https://*.glitch.staging.dev https://*.glitch.devdev http://*.danielluxemburg.glitch.lol https://*.glitch.app https://*.glitch.staging.app https://*.edgecompute.app https://accounts.google.com https://content-firebase.googleapis.com/ https://www.google.com https://*.ondigitalocean.app blob: data:".

That’s in Chrome console, and this is in the Glitch terminal:

Error getting Tokens: WebapiAuthenticationError: An authentication error occurred while communicating with Spotify's Web API.
Details: invalid_request code must be supplied.
    at _toError (/rbd/pnpm-volume/37a9ff37-7b41-4ce1-8a0c-c9be7ea1c978/node_modules/spotify-web-api-node/src/http-manager.js:43:12)
    at /rbd/pnpm-volume/37a9ff37-7b41-4ce1-8a0c-c9be7ea1c978/node_modules/spotify-web-api-node/src/http-manager.js:71:25
    at Request.callback (/rbd/pnpm-volume/37a9ff37-7b41-4ce1-8a0c-c9be7ea1c978/node_modules/spotify-web-api-node/node_modules/superagent/lib/node/index.js:905:3)
    at /rbd/pnpm-volume/37a9ff37-7b41-4ce1-8a0c-c9be7ea1c978/node_modules/spotify-web-api-node/node_modules/superagent/lib/node/index.js:1127:20
    at IncomingMessage.<anonymous> (/rbd/pnpm-volume/37a9ff37-7b41-4ce1-8a0c-c9be7ea1c978/node_modules/spotify-web-api-node/node_modules/superagent/lib/node/parsers/json.js:22:7)
    at Stream.emit (events.js:400:28)
    at Unzip.<anonymous> (/rbd/pnpm-volume/37a9ff37-7b41-4ce1-8a0c-c9be7ea1c978/node_modules/spotify-web-api-node/node_modules/superagent/lib/node/unzip.js:53:12)
    at Unzip.emit (events.js:400:28)
    at endReadableNT (internal/streams/readable.js:1334:12)
    at processTicksAndRejections (internal/process/task_queues.js:82:21) {
  body: {
    error: 'invalid_request',
    error_description: 'code must be supplied'
  },
  headers: {
    date: 'Sat, 18 Feb 2023 20:54:39 GMT',
    'content-type': 'application/json',
    'set-cookie': [
      '__Host-device_id=XXXX-_ir3o1T46saVXcEVsdXF5B6bmrspm_bgAw;Version=1;Path=/;Max-Age=2147483647;Secure;HttpOnly;SameSite=Lax',
      'sp_tr=false;Version=1;Domain=accounts.spotify.com;Path=/;Secure;SameSite=Lax'
    ],
    'sp-trace-id': '3ca9997f30faef07',
    'x-envoy-upstream-service-time': '10',
    server: 'envoy',
    'strict-transport-security': 'max-age=31536000',
    'x-content-type-options': 'nosniff',
    'content-encoding': 'gzip',
    vary: 'Accept-Encoding',
    via: 'HTTP/2 edgeproxy, 1.1 google',
    'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
    connection: 'close',
    'transfer-encoding': 'chunked'
  },
  statusCode: 400
}

That seems like a CSP problem. Are you executing that code in the Glitch Editor (i.e. on the browser console) instead of in the project website (something.glitch.me)?

No, here’s the glitch

Hi @d0g - sometimes these kinds of redirects for authorization don’t work in iframes for security reasons - if you go to Login - Spotify directly (vs. in the editor preview window) it should work for you. Let us know if it doesn’t!

1 Like

It works! Thanks

1 Like

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.