Skip to content
OmniAuth strategy for Spotify Web API
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
lib Bump to 0.0.13 Mar 28, 2017
.gitignore First commit Jun 17, 2014
Gemfile First commit Jun 17, 2014
LICENSE.txt First commit Jun 17, 2014 Replacing Rails secrets with Rails credentials Jul 9, 2018
Rakefile First commit Jun 17, 2014
omniauth-spotify.gemspec there should be no need for requiring omniauth in gemspec Jun 18, 2014

Spotify OmniAuth Strategy

This gem provides a simple way to authenticate to the Spotify Web API using OmniAuth with OAuth2.


Add this line to your application's Gemfile:

gem 'omniauth-spotify'

And then execute:

$ bundle

Or install it yourself as:

$ gem install omniauth-spotify


You'll need to register an app on Spotify, you can do this here -!/applications

Usage of the gem is very similar to other OmniAuth strategies. You'll need to add your app credentials to config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :spotify, Rails.application.credentials.spotify[:client_id], Rails.application.credentials.spotify[:client_secret], scope: %w(
  ).join(' ')

Please replace the example scope provided with your own. Read more about scopes here:

Or with Devise in config/initializers/devise.rb:

config.omniauth :spotify, Rails.application.credentials.spotify[:client_id], Rails.application.credentials.spotify[:client_secret], scope: %w(
).join(' ')

Forcing a Permission-Request Dialog

If a user has given permission for an app to access a scope, that permission won't be asked again unless the user revokes access. In these cases, authorization sequences proceed without user interation.

To force a permission dialog being shown to the user, which also makes it possible for them to switch Spotify accounts, set either request.env['rack.session'][:ommiauth_spotify_force_approval?] or flash[:ommiauth_spotify_force_approval?] (Rails apps only) to a truthy value on the request that performs the Omniauth redirection.

Alternately, you can pass show_dialog=true when you redirect to your spotify auth URL if you prefer not to use the session.


Auth Hash Schema

  • Authorization data is available in the request.env['omniauth.auth'].credentials -- a hash that also responds to the token, refresh_token, expires_at, and expires methods.
    "token" => "xxxx",
    "refresh_token" => "xxxx",
    "expires_at" => 1403021232,
    "expires" => true
  • Information about the authorized Spotify user is available in the request.env['omniauth.auth'].info hash. e.g.
    :name => "Claudio Poli",
    :nickname => "SomeName",
    :email => "",
    :urls => {"spotify" => ""},
    :image => "",
    :birthdate => Mon, 01 Mar 1993, # Date class
    :country_code => "IT",
    :product => "open",
    :follower_count => 10

The username/nickname is also available via a call to request.env['omniauth.auth'].uid.

  • Unless the user-read-private scope is included, the birthdate, country, image, and product fields may be nil, and the name field will be set to the username/nickname instead of the display name.

  • The email field will be nil if the 'user-read-email' scope isn't included.

  • The raw response to the me endpoint call is also available in request.env['omniauth.auth'].extra['raw_info']. e.g.

  "country" => "IT",
  "display_name" => "Claudio Poli",
  "birthdate" => "1993-03-01",
  "email" => "",
  "external_urls" => {
    "spotify" => ""
  "followers" => {
    "href" => nil,
    "total" => 10
  "href" => "",
  "id" => "1111111111",
  "images" => [
      "height" => nil,
      "url" => "",
      "width" => nil
  "product" => "open",
  "type" => "user",
  "uri" => "spotify:user:1111111111"


This gem is brought to you by the AudioBox guys. Enjoy!


  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request
You can’t perform that action at this time.