Spotify Auth +前端JavaScript +客户端凭据流 [英] Spotify Auth + frontend JavaScript + Client Credential Flow

问题描述

使用这些信息
https://developer.spotify.com/web-api/authorization-guide

Using these information
https://developer.spotify.com/web-api/authorization-guide

我正在尝试实施客户端凭据流程"以自动执行身份验证过程.但是不知何故我收到了下面的错误.

I am trying to implement the 'Client Credentials Flow' to automate the authentication process. But somehow I got the error below.

XMLHttpRequest无法加载 https://accounts.spotify.com/api/token?grant_type = client_credentials .所请求的资源上没有"Access-Control-Allow-Origin"标头.因此，不允许访问源"websiteURL".

XMLHttpRequest cannot load https://accounts.spotify.com/api/token?grant_type=client_credentials. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'websiteURL' is therefore not allowed access.

    $http.get('https://accounts.spotify.com/api/token?grant_type=client_credentials', {
        headers: {
            'Authorization': 'Basic ' + key)
        }
    }).success(function(r) {
        console.log('got access token', r);
    }).error(function(err) {
        console.log('failed to get access token', err); 
    });     

我也通过Ajax/Jquery和其他方法尝试过它，但是仍然有一个"Access-Control-Allow-Origin".

I have also tried it via Ajax / Jquery and other methods but still have this one 'Access-Control-Allow-Origin'.

我已经阅读了很多有关CORS，Angular，Node等的内容.老实说，我很困惑应该使用其中的哪些，但我不知道如何使用. 有人可以为我简化一下吗?

I have read a lot of stuffs regarding this about CORS, Angular, Node, etc. And honestly I'm confused which of these should I use and I don't have an idea how to. Can someone simplify this for me please?

推荐答案

这不是您要查找的流程-客户端凭据流程用于服务器之间的通信.

This is not the flow you're looking for - The Client Credential flow is meant for communication between servers.

相反，请查看授权代码流，为何何塞·佩雷斯(Jose Perez)出色的 JavaScript包装器用于与Spotify的Web API配合使用的前端.

Instead, have a look at the Authorization Code Flow, and why not Jose Perez's excellent JavaScript wrapper for front-ends working with Spotify's Web API.

此流程允许您的应用程序的用户验证和授权您的应用程序代表他们执行操作(例如，将曲目添加到播放列表，创建播放列表等).使用客户端凭据"流检索的访问令牌未连接到特定用户，这限制了您的应用程序可以使用它进行操作.

This flow allows your application's users to authenticate and authorize your application to act on their behalf (e.g. add tracks to playlists, create playlists, and so forth). Access tokens retrieved using the Client Credentials flow isn't connected to a specific user, which limits what your application can do using it.

这篇关于Spotify Auth +前端JavaScript +客户端凭据流的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！