Spotify Auth + 前端 JavaScript + 客户端凭据流 [英] Spotify Auth + frontend JavaScript + Client Credential Flow

问题描述

使用这些信息
https://developer.spotify.com/web-api/authorization-guide

我正在尝试实施客户端凭据流"以自动化身份验证过程.但不知何故我得到了下面的错误.

I am trying to implement the 'Client Credentials Flow' to automate the authentication process. But somehow I got the error below.

XMLHttpRequest 无法加载 https://accounts.spotify.com/api/token?grant_type=client_credentials.请求的资源上不存在Access-Control-Allow-Origin"标头.因此不允许访问源websiteURL".

XMLHttpRequest cannot load https://accounts.spotify.com/api/token?grant_type=client_credentials. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'websiteURL' is therefore not allowed access.

    $http.get('https://accounts.spotify.com/api/token?grant_type=client_credentials', {
        headers: {
            'Authorization': 'Basic ' + key)
        }
    }).success(function(r) {
        console.log('got access token', r);
    }).error(function(err) {
        console.log('failed to get access token', err); 
    });     

我也通过 Ajax/Jquery 和其他方法尝试过它，但仍然有这个Access-Control-Allow-Origin".

I have also tried it via Ajax / Jquery and other methods but still have this one 'Access-Control-Allow-Origin'.

我已经阅读了很多关于 CORS、Angular、Node 等的内容.老实说，我很困惑我应该使用其中的哪些，而且我不知道如何使用.有人可以帮我简化一下吗?

I have read a lot of stuffs regarding this about CORS, Angular, Node, etc. And honestly I'm confused which of these should I use and I don't have an idea how to. Can someone simplify this for me please?

推荐答案

这不是您要查找的流程 - 客户端凭据流程旨在用于服务器之间的通信.

This is not the flow you're looking for - The Client Credential flow is meant for communication between servers.

相反，请查看授权代码流程，为什么不使用 Jose Perez 出色的 JavaScript 包装器，用于前端使用 Spotify 的 Web API.

Instead, have a look at the Authorization Code Flow, and why not Jose Perez's excellent JavaScript wrapper for front-ends working with Spotify's Web API.

此流程允许您的应用程序用户进行身份验证并授权您的应用程序代表他们执行操作(例如，将曲目添加到播放列表、创建播放列表等).使用客户端凭据流检索的访问令牌未连接到特定用户，这限制了您的应用程序可以使用它执行的操作.

This flow allows your application's users to authenticate and authorize your application to act on their behalf (e.g. add tracks to playlists, create playlists, and so forth). Access tokens retrieved using the Client Credentials flow isn't connected to a specific user, which limits what your application can do using it.

这篇关于Spotify Auth + 前端 JavaScript + 客户端凭据流的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！