Access without login #58
Comments
|
This is actually what the Previously, any request to play.spotify.com returned null credentials until the client authenticates with a HTTP POST to This method stopped working a while ago, but now testing it again it seems like it is working again with the latest changes. What you have noticed however, is that now, new requests to play.spotify.com provide an anonymous session credentials anyway rather than null credentials. This occurs on any landing page, not only those redirected from open.spotify.com. So, although the current code works, ideally it could be refactored to utilise the existing anonymous credentials from the landing page request and save one RTT and not perform the POST in that case. I've noticed that there's a In terms of actually using this, a quick example that I've tested is: var uri = 'spotify:track:6tdp8sdXrXlPV6AZZN2PE8';
var spotify = new Spotify();
spotify.anonymousLogin(function(err){
if (err) throw err;
spotify.get(uri, function (err, track) {
if (err) throw err;
console.log('Open %s in your browser for a 30 second preview of: %s - %s', track.previewUrl, track.artist[0].name, track.name);
spotify.disconnect();
});
});As you discovered, anonymous users don't seem to be able to play any tracks, all mp3 requests return a |
|
More research and I'm still confused about this feature. It seems now that you were correct, in that the landing page only provides anonymous credentials when you have the cookie from open.spotify.com Also, the previous method going via I did however find a legitimate way of consistently triggering the anonymous session logic in the official player, if you are logged in to Facebook, but not connected to the app (as in have not authorised the Spotify app), and navigate to https://play.spotify.com/?flow=fb then it will try to create an anonymous session with a POST to Assuming that the 500 errors will go away and be fixed eventually as it is actually legitimately written into the code, and considering that going to open.spotify.com to redirect to the landing page is an extra hop/redirect, the number of hops would be about the same as the landing page + xhr POST combo we currently have, and is also simpler as it shares the same code for all three login types, so I don't think that any code changes are needed. Reopen this issue if there's anything else... |
|
Good news everyone! /cc @TooTallNate @MiniGod
The secret sauce is Facebook interestingly, but not in the way you'd expect. There's code in the player to drive users who haven't got a Spotify account to use the app but incentivise them to sign up with a banner, as shown in the screenshot above. So to get to anonymous mode in the offical player, two (or three) steps:
So what happens is the notification.php sets a plp cookie. Then you load up the landing page, which gives you the tracking id, csrftoken, etc. and POST to the auth.php, which returns a 500 error. But then if you load up the landing page again, the credentials are there because the POST actually worked. I've tried playing tracks as well as Radio, both seem to work but there's a time cap. (Coincidently, that's the error 12 that we were seeing previously when we were trying to play tracks with an anonymous account). Expect some PRs related to this... |
I'm not sure if its a bug by Spotify, but it is possible to navigate through http://play.spotify.com/ without authenticating.
Opening http://play.spotify.com/ directly will give you a static signup page with background covered with albums.
If you go through open.spotify.com (sets the
sps(spotify session?) cookie), you'll notice that the play UI loads behind the signup overlay.If you hide/delete
#overlay, everything works except playing songs, and crud'ing user data (playlists). You can even start a radio, and skip through it to get suggestions, etc (but it wont play).It would be great to be able to access all this data without having to
.login?The text was updated successfully, but these errors were encountered: