Is it possible to use the Spotify Web API to write a desktop application without a callback URI?


Question

I would like to write a simple desktop application for personal use that uses the Spotify Web API to build playlists.

As far as I can tell, however, there's no way to use the API without providing a callback URI, which I don't have, seeing as I don't have a domain or server of any kind (other than my personal computer).

Is there a way to use the API without a URI?

If not, what is the best way to set up a callback URI? I don't have much of any experience working with web applications or client / server stuff, and the APIs I've used in the past haven't required any kind of callback.

Answer

Some background first, this answer became a bit longer than what I anticipated.

You need an access token. There are three ways to retrieve an access token: Authentication Code flow, Client Credentials flow, and Implicit Grant flow. These are all part of the OAuth 2.0 specification, each with its own purpose.

Since you're going to modify a user's account, you need that user's permission. Now, if you didn't do any actions that required user permissions, you could've used the Client Credentials flow. That's probably the easiest flow to learn since it just requires a request from your server to Spotify's server, and the response contains an access token. No callback/redirect URI is necessary.

As I'm sure you've read, the Authentication Code flow and Implicit Grant flow both require a callback URI. This is because these are flows that include a user, and the callback URI is where Spotify redirects the user after they have entered their password on Spotify's site.

The Authentication Code flow and Implicit Grant flow have benefits and drawbacks. Access tokens retrieved through the Authentication Code flow can be refreshed, but both return tokens that are valid for one hour. This means that a user that's authenticating using the Implicit Grant flow must reauthenticate after an hour. However, the Authentication Code flow does require some backend work, since it needs to make a request to exchange a code given from Spotify's server for an access token. The Implicit Grant flow is more straightforward - you get the access token and off you go.

The callback URI can be a localhost address, so if your desktop application would spin up a web server locally you could handle the callback on the same machine that the application is running on. (It's probably a good idea to not run the web server on port 80 since that might be used by something else.)

There's skeleton code for each of these authentication flows available on GitHub, see web-api-auth-examples. Read more about the flows in our Authorization Guide. If you choose to run a web server on the user's machine, I recommend that you use the Implicit Grant flow since that doesn't include any server-to-server requests, so you won't have to have your client_secret exposed in the code. (As opposed to the Authorization Code flow.)

Also, since you're coding in Python, I recommend that you have a look at spotipy, a wrapper around the Web API packed with convenient methods that'll save you some time. If you do go ahead with the Implicit Grant flow, you should have a look at spotify-web-api-js, which has a similar purpose. Note that these wrappers are not at all required to work with the Web API but they'll make your life easier.
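
The localhost callback described in the answer above, as an added example that is not part of the original post: a one-shot listener bound to 127.0.0.1 that accepts the redirect only if its `state` matches the value the app generated. It uses the authorization-code redirect, where the code arrives in the query string (an implicit-grant token comes back in the URL fragment, which the browser does not send to the server); port 8888, the `/callback` path and the function names are assumptions, and exchanging the code for a token is left out.

```python
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://accounts.spotify.com/authorize"
CALLBACK_PATH = "/callback"  # assumed; must match the redirect URI registered for the app

def build_authorize_url(client_id, redirect_uri, state, scope):
    return AUTHORIZE_URL + "?" + urlencode({
        "client_id": client_id, "response_type": "code",
        "redirect_uri": redirect_uri, "state": state, "scope": scope})

def parse_callback(request_target, expected_state):
    """Return the authorization code, or raise ValueError if the redirect is not ours."""
    parts = urlsplit(request_target)
    if parts.path != CALLBACK_PATH:
        raise ValueError("unexpected path")
    params = parse_qs(parts.query)
    state = params.get("state", [""])[0]
    # Constant-time compare: a mismatch means this app did not start the flow (CSRF).
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if "error" in params or not code:
        raise ValueError("authorization failed: " + params.get("error", ["missing code"])[0])
    return code

def wait_for_code(expected_state, port=8888):
    """Serve one request on the loopback interface and return the code it carried."""
    result = {}
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            try:
                result["code"] = parse_callback(self.path, expected_state)
                status, body = 200, b"Authorized. You can close this tab."
            except ValueError as exc:
                result["error"] = str(exc)
                status, body = 400, b"Authorization failed."
            self.send_response(status)
            self.send_header("Content-Type", "text/plain")
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args): pass  # keep code and state out of the console log
    # 127.0.0.1 rather than 0.0.0.0, so other hosts on the network cannot reach it.
    with HTTPServer(("127.0.0.1", port), Handler) as server:
        server.handle_request()
    if "error" in result:
        raise ValueError(result["error"])
    return result["code"]
```

Generate a fresh `state` with `secrets.token_urlsafe(16)` for each login attempt, open the URL from `build_authorize_url(...)` in the browser, then call `wait_for_code(state)`.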
