Spotify authentication strategy for Passport and Node.js.


Passport strategy for authenticating with Spotify using the OAuth 2.0 API.

This module lets you authenticate using Spotify in your Node.js applications. By plugging into Passport, Spotify authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

For more information about Spotify's OAuth 2.0 implementation, check their Web API Authorization Guide.


$ npm install passport-spotify


Configure Strategy

The Spotify authentication strategy authenticates users using a Spotify account and OAuth 2.0 tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

const passport = require('passport');
const SpotifyStrategy = require('passport-spotify').Strategy;

passport.use(
  new SpotifyStrategy(
    {
      clientID: client_id,
      clientSecret: client_secret,
      callbackURL: 'http://localhost:8888/auth/spotify/callback'
    },
    function(accessToken, refreshToken, expires_in, profile, done) {
      // User is your application's own user model.
      User.findOrCreate({ spotifyId: profile.id }, function(err, user) {
        return done(err, user);
      });
    }
  )
);

Authenticate Requests

Use passport.authenticate(), specifying the 'spotify' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/spotify', passport.authenticate('spotify'), function(req, res) {
  // The request will be redirected to spotify for authentication, so this
  // function will not be called.
});

app.get(
  '/auth/spotify/callback',
  passport.authenticate('spotify', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  }
);

Using scopes

Depending on the data you want to fetch, you may want to specify custom scopes. For more information about scopes in the Spotify Web API check their developer site.

By default, no scope is passed. That means that you won't fetch information such as display name, picture or email. You can get those by using these scopes:

  • user-read-email: Returns the email address of the user on Spotify, if it exists.
  • user-read-private: Returns private information about the user such as display name and picture, if they are set.

You can specify the parameters in the authenticate call:

app.get(
  '/auth/spotify',
  passport.authenticate('spotify', {
    scope: ['user-read-email', 'user-read-private']
  }),
  function(req, res) {
    // The request will be redirected to spotify for authentication, so this
    // function will not be called.
  }
);
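
Because display name and email arrive only when the matching scopes are granted, the verify callback has to cope with their absence. The following is an added example, not code from passport-spotify: `makeVerify`, the in-memory `Map` store, and the profile field names `displayName` and `emails[].value` (Passport's normalized profile shape) are assumptions.

```javascript
// Added example, not passport-spotify code. Assumed profile shape (Passport's
// normalized profile): { id, displayName, emails: [{ value }] }.
function makeVerify(users, now = Date.now) {
  return function verify(accessToken, refreshToken, expires_in, profile, done) {
    // Key the account on the Spotify id, never on scope-dependent fields.
    if (!profile || typeof profile.id !== 'string' || profile.id === '') {
      return done(new Error('Spotify profile has no id'));
    }
    // Without user-read-email / user-read-private these may be absent.
    const firstEmail = Array.isArray(profile.emails) ? profile.emails[0] : null;
    const previous = users.get(profile.id) || {};
    // expires_in is a lifetime in seconds (OAuth 2.0); treat junk as expired.
    const ttl = Number(expires_in);
    const user = {
      spotifyId: profile.id,
      displayName: profile.displayName || null,
      email: firstEmail && firstEmail.value ? firstEmail.value : null,
      accessToken,
      // Keep the stored refresh token if this login did not supply one.
      refreshToken: refreshToken || previous.refreshToken || null,
      expiresAt: now() + (Number.isFinite(ttl) && ttl > 0 ? ttl * 1000 : 0)
    };
    users.set(profile.id, user);
    return done(null, user);
  };
}

// Constructed sample logins: one with both scopes granted, one with no
// scopes, and one with a malformed profile.
function demo() {
  const store = new Map();
  const cb = makeVerify(store, () => 0);
  const results = [];
  const record = (err, user) => results.push(err ? err.message : user);
  cb('token-a', 'refresh-a', 3600,
    { id: 'sample-user', displayName: 'Sample', emails: [{ value: 'sample@example.com' }] },
    record);
  cb('token-b', undefined, 3600, { id: 'sample-user' }, record);
  cb('token-c', 'refresh-c', 3600, {}, record);
  return results;
}

console.log(demo());
```

Pass `makeVerify(store)` as the second argument to `new SpotifyStrategy(options, verify)`, replacing the `Map` with your own user store.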

Forcing login dialog

You can force the login dialog using the showDialog parameter when authenticating:

app.get(
  '/auth/spotify',
  passport.authenticate('spotify', {
    scope: ['user-read-email', 'user-read-private'],
    showDialog: true
  }),
  function(req, res) {
    // The request will be redirected to spotify for authentication, so this
    // function will not be called.
  }
);


For a complete, working example, refer to the login example.

You can get your keys on Spotify - My Applications.


$ npm install --dev
$ make test



The MIT License
