Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix LB-432: Check spotify token scopes and fallback graciously #558

Closed
wants to merge 1 commit into from

Conversation

Projects
None yet
2 participants
@MonkeyDo
Copy link
Contributor

MonkeyDo commented Mar 18, 2019

Summary

  • This is a…
    • (x) Bug fix

Problem

https://tickets.metabrainz.org/projects/LB/issues/LB-432
With a spotify account linked for only recording listens, the resulting scope error was not recognised as such, and the player entered a loop of reconnection/retry until Spotify complained about too many attempts.

I implemented an initial check of the token scopes to save some other error being thrown (and caught adequately) by the Spotify web player.

While I was at it I improved the component unmounting in case of fallback to embedded player.

@paramsingh
Copy link
Member

paramsingh left a comment

We store the permissions we've taken from the user in the db. Should we just use that instead? I can pass it in props with the token?

@MonkeyDo

This comment has been minimized.

Copy link
Contributor Author

MonkeyDo commented Mar 18, 2019

We store the permissions we've taken from the user in the db. Should we just use that instead? I can pass it in props with the token?

I hadn't though about it. Yes, that's much better. Is there stored somewhere the distinction wether the user is linked with the feature "play listens", or just an array of permissions?

@paramsingh

This comment has been minimized.

Copy link
Member

paramsingh commented Mar 19, 2019

@MonkeyDo We have a flag for record_listens but not for play listens. But the permissions for both features don't intersect at all, and i think it would just be a simple check of whether streaming is in the list of permissions or not.

@MonkeyDo

This comment has been minimized.

Copy link
Contributor Author

MonkeyDo commented Mar 19, 2019

Spotify does things a bit weird sometimes. As far as I know, for the front-end player to work properly, I need to check the user has either:

  • https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback; note the scope web-playback, which is not one of the existing scopes but probably a shortcut for:
  • ["streaming", "user-read-birthdate", "user-read-email", "user-read-private"] scopes.

I think the simplest will be to return the array of scopes along with the token on page load, as well as during a refresh-token API call.
I can then compare with the array of scopes mentioned above, saving an HTTP call.

@MonkeyDo

This comment has been minimized.

Copy link
Contributor Author

MonkeyDo commented Mar 19, 2019

Incorporated into #560

@MonkeyDo MonkeyDo closed this Mar 19, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.