spotify-cli / auth/flow
auth/flow
OAuth 2.0 authorization code flow with PKCE for Spotify.
Handles the full login flow (browser-based authorization, code exchange) and token refresh.
Functions
login()
login(
clientIdFlag?):Promise<StoredTokens>
Defined in: src/auth/flow.ts:31
Performs the full OAuth PKCE login flow.
- Resolves the client ID (from flag, env var, or stored config).
- Generates PKCE code verifier/challenge and a random state.
- Opens the user's browser to the Spotify authorization page.
- Starts a local callback server to receive the authorization code.
- Exchanges the code for access and refresh tokens.
- Persists the tokens to disk.
Parameters
clientIdFlag?
string
Optional client ID passed via the --client-id flag.
Returns
Promise<StoredTokens>
The stored tokens after successful login.
Throws
SpotifyCliError on network or auth errors.
refreshAccessToken()
refreshAccessToken(
tokens):Promise<StoredTokens>
Defined in: src/auth/flow.ts:113
Refreshes an expired access token using the stored refresh token.
The new tokens are persisted to disk. If Spotify issues a new refresh token, it replaces the old one; otherwise the existing refresh token is preserved.
Parameters
tokens
The current (expired) stored tokens.
Returns
Promise<StoredTokens>
Updated tokens with a fresh access token.
Throws
SpotifyCliError on network or auth errors.