我正在尝试创建一个应用程序,从中我可以获得与用户/曲目/专辑相关的所有信息。
我使用以下代码使用 clientid 和 client secret id 进行身份验证。
private static String clintId = "generated id";
private static String clientSecretId = "generated secret id";
private static final URI redirectUri = SpotifyHttpManager.makeUri("http://localhost:8080/api/get-user-code/");
public static final SpotifyApi spotifyApi = new SpotifyApi.Builder()
.setClientId(clintId)
.setClientSecret(clientSecretId)
.setRedirectUri(redirectUri)
.build();
@GetMapping("login")
@ResponseBody
public String spotifyLogin(){
AuthorizationCodeUriRequest authorizationCodeUriRequest = spotifyApi.authorizationCodeUri()
.scope("user-read-private user-read-email user-top-read user-library-read user-library-modify")
.show_dialog(true)
.build();
final URI uri = authorizationCodeUriRequest.execute();
return uri.toString();
}
@GetMapping(value="get-user-code")
public void getSpotifyUserCode(@RequestParam("code") String userCode, HttpServletResponse response) throws IOException {
AuthorizationCodeRequest authorizationCodeRequest = spotifyApi.authorizationCode(userCode)
.build();
try {
final AuthorizationCodeCredentials authorizationCodeCredentials = authorizationCodeRequest.execute();
// Set access and refresh token for further "spotifyApi" object usage
System.out.println("Access token::"+authorizationCodeCredentials.getAccessToken());
spotifyApi.setAccessToken(authorizationCodeCredentials.getAccessToken());
spotifyApi.setRefreshToken(authorizationCodeCredentials.getRefreshToken());
System.out.println("Expires in: " + authorizationCodeCredentials.getExpiresIn());
} catch (IOException | SpotifyWebApiException | org.apache.hc.core5.http.ParseException e){
System.out.println("Error: " + e.getMessage());
}
response.sendRedirect("http://localhost:3000/home");
}
现在举一个例子:假设我已经从
User A
(来自开发仪表板)创建了上面的客户端ID和秘密ID,所以对于User A
一切正常,就像我能够获得用户配置文件,跟踪等
但是假设如果我尝试使用
User B
生成的客户端 ID 和秘密 ID 获取 User A
的相同详细信息,例如用户个人资料/曲目等,那么无法获取 User B
的这些信息,它显示“forbidden
”。
所以我的问题是如何获取用户 B 的这些信息(带有用户 A 客户端 ID 和秘密详细信息)?