New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CB-261: Autheticate requests to Spotify Web API #123
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for taking a look at this. There are some issues which should be easy to fix.
Also don't forget to add configuration values into custom_config.py.example and describe how to get the values from Spotify.
default_config.py
Outdated
@@ -59,6 +59,10 @@ | |||
MUSICBRAINZ_CLIENT_ID = "" | |||
MUSICBRAINZ_CLIENT_SECRET = "" | |||
|
|||
# Spotify | |||
SPOTIFY_CLIENT_ID = "EXAMPLE_CLIENT_ID" | |||
SPOTIFY_CLIENT_SECRET = "EXAMPLE_CLIENT_SECRET" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just set those to be empty strings.
).json() | ||
access_token = access_token.get('access_token') | ||
if not access_token: | ||
raise Exception("Could not fetch access token for Spotify") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Try not to use Exception
class. This makes it very inconvenient to capture since having except Exception
is typically a bad idea. It's better to subclass it with something specific to this module/package.
|
||
|
||
def get_spotify(url): | ||
"""Make a GET request to Spotify Web API. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not very accurate. It currently makes a GET request to whatever URL is provided, not just from spotify.com. One thing you can do here is instead accept a path with query string and append it to the base URL of the Spotify API.
|
||
BASE_URL = "https://api.spotify.com/v1" | ||
|
||
|
||
def fetch_access_token(): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make sure to prefix functions that are not meant to be used outside of the module with _
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
get_spotify
too?
url = BASE_URL + query | ||
headers = {"Authorization": f"Bearer {access_token}"} | ||
|
||
result = requests.get(f"{url}", headers=headers) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
f"{url}"
Nice
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should probably try being consistent in our format strings, whether this is %
, .format
, or f""
- my opinion is that having too many isn't a good thing. If we want to slowly move from one style to another, that's OK (I'm not sure if this has already been talked about)
In this specific case, do we actually need the format string? we can just do requests.get(url)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are right, we don't need it.
And no, we haven't discussed this. I think f-strings are new in Python 3, so we couldn't have used it before. This inconsistency might be partially my fault since at the beginning I used %
and then started switching to .format
since it allows to specify placeholder names explicitly.
Added function
fetch_access_token
for authenticating requests to Spotify Web API. Since, CB doesn't need access to spotify users' private data, I've usedClient Credential Flow
as the authorization flow requiring only the client credentials for fetching access token.