Aura Auth

Spotify Authorization Provider

Configure the Spotify OAuth 2.0 provider in Aura Auth for authentication and authorization.

Spotify

Set up the Spotify authorization provider for the authentication instance in Aura Auth.


What you'll learn

In this quick start guide, you will learn the basics of setting up the Spotify provider for Aura Auth.


Spotify OAuth App

Creating a Spotify OAuth Application

The first step is to create and register a Spotify App, which lets users grant access to their resources, such as Get Current User's Profile (used by Aura Auth), Playlists, Playbacks, Libraries, etc. For more detailed information, read Getting started with Web API, Spotify Developer Dashboard, and Scopes.

Creating a Spotify OAuth app includes:

  • App name: The application name shown when the user tries to grant access to the app.

  • App description: The description of the Spotify application.

  • Redirect URIs: The URL to which Spotify OAuth will redirect. It should end in /auth/callback/spotify for local and production environments.

    • Local environment: http://192.168.x.y:3000/auth/callback/spotify

    • Production environment: Set the URL of your production application.

      Spotify only accepts HTTPS URIs, or explicit IPv4 or IPv6 addresses. Localhost is not allowed to be registered. For more detailed information about Redirect URIs, refer to the official documentation.

  • Scopes: Select scopes based on your application's needs. Aura Auth uses:

    • user-read-email
    • user-read-private

Spotify Aura Auth

Installation

Install the package using a package manager like npm, pnpm or yarn.

npm install @aura-stack/auth

Environment setup

Now set up the Spotify credentials required by Aura Auth, the client ID and client secret, by writing them into a .env file.

Additionally, set the secret used by Aura Auth to sign and encrypt the user's session.

.env
# Spotify Credentials
AURA_AUTH_SPOTIFY_CLIENT_ID="spotify_client_id"
AURA_AUTH_SPOTIFY_CLIENT_SECRET="spotify_client_secret"

# Aura Secret
AURA_AUTH_SECRET="32-bytes-secret"

AURA_AUTH_SECRET should be a random, high-entropy key so that attackers cannot guess the secret used by the Aura Auth application.
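A preflight check for the two settings above that are easiest to get wrong, the redirect URI and AURA_AUTH_SECRET, written as an added example that is not part of Aura Auth. The function names, the 32-character minimum and the entropy threshold are assumptions; the redirect URI rules are the ones stated on this page.

```javascript
// Added example (not Aura Auth code): validate configuration before starting the app.
const CALLBACK_SUFFIX = "/auth/callback/spotify"; // suffix stated on this page
// Placeholder values copied from this page's .env sample.
const PLACEHOLDERS = ["32-bytes-secret", "spotify_client_id", "spotify_client_secret"];

// Returns a list of problems with a redirect URI (empty list = acceptable).
function checkRedirectUri(uri) {
  let url;
  try {
    url = new URL(uri);
  } catch {
    return ["not a valid absolute URL"];
  }
  const problems = [];
  const host = url.hostname; // IPv6 literals keep their brackets, e.g. "[::1]"
  const isIpLiteral = /^(\d{1,3}\.){3}\d{1,3}$/.test(host) || host.startsWith("[");
  if (host === "localhost") {
    problems.push("localhost cannot be registered; use an explicit IP address");
  } else if (url.protocol !== "https:" && !(url.protocol === "http:" && isIpLiteral)) {
    problems.push("must be HTTPS unless the host is an explicit IPv4/IPv6 address");
  }
  if (!url.pathname.endsWith(CALLBACK_SUFFIX)) {
    problems.push(`path must end in ${CALLBACK_SUFFIX}`);
  }
  return problems;
}

// Shannon entropy in bits per character: a heuristic that only catches
// repetitive strings. It cannot prove a value came from a secure random source.
function bitsPerChar(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) h -= (n / s.length) * Math.log2(n / s.length);
  return h;
}

// Returns a list of problems with AURA_AUTH_SECRET (empty list = acceptable).
function checkSecret(secret) {
  if (!secret) return ["AURA_AUTH_SECRET is not set"];
  const problems = [];
  if (PLACEHOLDERS.includes(secret)) problems.push("placeholder value from the docs");
  if (secret.length < 32) problems.push("shorter than 32 characters"); // assumed minimum
  if (bitsPerChar(secret) < 3) problems.push("low character variety; generate it randomly");
  return problems;
}
```

Call checkSecret(process.env.AURA_AUTH_SECRET) and checkRedirectUri with the URI registered in the Spotify dashboard at startup, and refuse to start if either returns a problem.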

Configure the provider

Add the "spotify" provider name to the oauth option passed to createAuth.

@/auth
import { createAuth } from "@aura-stack/auth"

export const auth = createAuth({
  oauth: ["spotify"],
})

export const { handlers } = auth

Get HTTP Handlers

Use the HTTP handlers to expose the authentication logic and flow of the Aura Auth library and integrate it into routers and frameworks.

backend.ts
import { handlers } from "@/auth"

export const { GET, POST } = handlers

The returned handlers include pre-built routes used in OAuth flows (/signIn/:oauth, /callback/:oauth, /session, /signOut and /csrfToken). You can mount them in Express, Hono, Next.js, or any runtime that supports native Request and Response APIs.

