I'm working on a hobby project in Go that uses the Spotify Web API. My first step was to get the Authorization Code OAuth flow working. This took a while to get right but now everything seems to work well and I can use my app to receive an access token.
My first test was to use the https://api.spotify.com/v1/me endpoint to make sure that it returned my user_id as the current user. Unfortunately, it returns some other user (let's call him Bill Gates). I've revoked access to the app and used it to receive a new Access Token but it always returns Bill Gates as the current user.
I'm not logging into Spotify as Bill Gates so I'm not sure why he is being returned as the current user. Isn't the current user returned by the API endpoint supposed to be the user that logged in to receive an Access Token?
Here's my token requesting code.
```go
package main

import (
	"bytes"
	b64 "encoding/base64"
	"io"
	"log"
	"net/http"
	"net/url"
	"os"
)

const (
	apiURL       = "https://accounts.spotify.com/api/token"
	redirectURI  = "https://XXXXXXXXXXXXXXXXXXXXXXXXX"
	clientID     = "XXXXXXXX"
	clientSecret = "XXXXXXXX"
)

func main() {
	// Authorization code returned to the redirect URI after the user approves access.
	code := "Passed into Lambda as a parameter"

	client := &http.Client{}

	// Form body for the authorization_code grant.
	data := url.Values{}
	data.Add("grant_type", "authorization_code")
	data.Add("code", code)
	data.Add("redirect_uri", redirectURI)

	req, err := http.NewRequest("POST", apiURL, bytes.NewBufferString(data.Encode()))
	if err != nil {
		log.Fatalf("Couldn't create new POST request: %v", err)
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

	// The client authenticates with HTTP Basic: base64(clientID:clientSecret).
	authString := "Basic " + b64.StdEncoding.EncodeToString([]byte(clientID+":"+clientSecret))
	req.Header.Set("Authorization", authString)

	resp, err := client.Do(req)
	if err != nil {
		log.Fatalf("Couldn't 'Do' request: %v", err)
	}
	defer resp.Body.Close()

	if _, err := io.Copy(os.Stdout, resp.Body); err != nil {
		log.Fatalf("Couldn't read response body: %v", err)
	}
	// Body contains valid access and refresh tokens
}
```
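The token endpoint issues tokens for whichever user approved the authorization code it is given, and here that code arrives from outside as a parameter. The following is an added example, not code from the original post: it binds the authorization request to the browser session that started it through the OAuth `state` parameter and verifies that binding on the callback before the code is exchanged. The session identifier, the key and the function names are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// sign returns HMAC-SHA256 over a length-prefixed sessionID followed by the nonce.
func sign(key []byte, sessionID, nonce string) string {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%d:%s%s", len(sessionID), sessionID, nonce)
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// newState mints "<nonce>.<mac>" for the session that starts the login.
// Send it as the `state` query parameter of the authorization redirect.
func newState(key []byte, sessionID string) (string, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	n := base64.RawURLEncoding.EncodeToString(nonce)
	return n + "." + sign(key, sessionID, n), nil
}

// verifyState reports whether the state echoed back on the redirect URI
// was minted for this session. Call it before exchanging the code.
func verifyState(key []byte, sessionID, state string) bool {
	nonce, mac, ok := strings.Cut(state, ".")
	if !ok || nonce == "" {
		return false
	}
	return hmac.Equal([]byte(mac), []byte(sign(key, sessionID, nonce)))
}

func main() {
	key := []byte("constructed-demo-key") // constructed value; keep a real key server-side
	st, err := newState(key, "session-A") // hypothetical session identifier
	if err != nil {
		panic(err)
	}
	fmt.Println("same session: ", verifyState(key, "session-A", st))
	fmt.Println("other session:", verifyState(key, "session-B", st))
}
```

A callback whose `state` fails this check carries a code that did not originate from the current session, so the code should be discarded rather than exchanged.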