Authenticating with Spotify's web API
Now that we have the code to load the configuration file for us, we are going to start coding the authentication part of our framework. Spotify currently supports three kinds of authentication: authorization code, client credentials, and implicitly grant. We are going to implement authorization code and client credentials in this chapter, and we will start by implementing the client credentials flow, which is the easiest to start with.
The client credentials flow has some disadvantages over the authorization code flow because the flow does not include authorization and cannot access the user's private data as well as control playback. We will implement and use this flow for now, but we will change to authorization code when we start implementing the terminal player.
First, we are going to create a file called authorization.py in the musicterminal/pytify/auth directory with the following contents:
from collections import namedtuple
Authorization = namedtuple('Authorization', [
'access_token',
'token_type',
'expires_in',
'scope',
'refresh_token',
])
This is going to be the authentication model and it will contain the data we get after requesting an access token. In the following list, you can see a description of every property:
- access_token: The token that has to be sent together with every request to the Web API
- token_type: The type of the token, which is usually Bearer
- expires_in: The access_token expiration time, which is 3600 seconds (1 hour)
- scope: The scope is basically the permissions that Spotify's user granted to our application
- refresh_token: The token that can be used to refresh the access_token after the expiration
The last touch is to create a __init__.py file in the musicterminal/pytify/auth directory and import the Authorization , which is a namedtuple:
from .authorization import Authorization