Skip to content

icoretech/omniauth-spotify

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

45 Commits
.github/workflows
.github/workflows
Β 
Β 
lib
lib
Β 
Β 
test
test
Β 
Β 
.gitignore
.gitignore
Β 
Β 
.standard.yml
.standard.yml
Β 
Β 
Gemfile
Gemfile
Β 
Β 
LICENSE.txt
LICENSE.txt
Β 
Β 
README.md
README.md
Β 
Β 
Rakefile
Rakefile
Β 
Β 
omniauth-spotify.gemspec
omniauth-spotify.gemspec
Β 
Β 

Repository files navigation

OmniAuth Spotify Strategy

Test Gem Version

omniauth-spotify provides a Spotify OAuth2 strategy for OmniAuth.

Installation

Add this line to your application's Gemfile:

gem 'omniauth-spotify'

Then run:

bundle install

Usage

Configure OmniAuth in your Rack/Rails app:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :spotify, ENV.fetch('SPOTIFY_CLIENT_ID'), ENV.fetch('SPOTIFY_CLIENT_SECRET'),
           scope: 'user-read-email user-read-private'
end

Provider App Setup

Options

  • scope
  • show_dialog

Forcing a Permission Dialog

Spotify may skip the permission dialog when the user already granted access. To force it:

  • set request.env['rack.session']['omniauth_spotify_force_approval?'] = true, or
  • pass show_dialog=true on the auth request URL.

Backward compatibility is preserved for the historical misspelled key: ommiauth_spotify_force_approval?.

Auth Hash

Example payload from request.env['omniauth.auth'] (real shape, anonymized):

{
  "uid": "1234567890",
  "info": {
    "name": "1234567890",
    "nickname": "1234567890",
    "email": "user@example.test",
    "urls": {
      "spotify": "https://open.spotify.com/user/1234567890"
    },
    "country_code": "IT",
    "product": "free",
    "follower_count": 24
  },
  "credentials": {
    "token": "sample-access-token",
    "refresh_token": "sample-refresh-token",
    "expires_at": 1710000000,
    "expires": true,
    "scope": "user-read-email user-read-private"
  },
  "extra": {
    "raw_info": {
      "country": "IT",
      "display_name": "1234567890",
      "email": "user@example.test",
      "explicit_content": {
        "filter_enabled": false,
        "filter_locked": false
      },
      "external_urls": {
        "spotify": "https://open.spotify.com/user/1234567890"
      },
      "followers": {
        "href": null,
        "total": 24
      },
      "href": "https://api.spotify.com/v1/users/1234567890",
      "id": "1234567890",
      "images": [],
      "product": "free",
      "type": "user",
      "uri": "spotify:user:1234567890"
    }
  }
}

info.email, info.image, info.birthdate, info.country_code, info.product, and info.follower_count are included only when Spotify returns those fields.

Spotify API Changelog Notes

The strategy still uses Spotify's authorization-code flow and GET https://api.spotify.com/v1/me for the current user profile.

Recent changelog items reviewed:

  • February 2026 Development Mode changes: Spotify deprecated country, email, explicit_content, followers, and product and may omit them from GET /me user payloads for affected development-mode apps. The gem treats these fields as optional and omits absent values from info.
  • March 2026 changelog: Spotify reverted the February removal of Album and Track external_ids. This gem does not call Album or Track endpoints and does not map external_ids, so no code change is required for that reversal.
  • February 2025 redirect URI security changes: Spotify rejects localhost redirect URIs and requires HTTPS except for explicit loopback IP literals.
  • Development Mode access changes: if GET /me returns 403 with a message requiring Spotify Premium for the app owner, OAuth token exchange may still be working; the Web API call is blocked by Spotify account/app policy, not by this strategy's auth-hash mapping.

References:

Development

bundle install
bundle exec rake

Run Rails integration tests with an explicit Rails version:

RAILS_VERSION='~> 8.1.0' bundle install
RAILS_VERSION='~> 8.1.0' bundle exec rake test_rails_integration

Test Structure

  • test/omniauth_spotify_test.rb: strategy/unit behavior
  • test/rails_integration_test.rb: full Rack/Rails request+callback flow
  • test/test_helper.rb: shared test bootstrap

Compatibility

  • Ruby: >= 3.2 (tested on 3.2, 3.3, 3.4, 4.0)
  • omniauth-oauth2: >= 1.8, < 2.0
  • Rails integration lanes: ~> 7.1.0, ~> 7.2.0, ~> 8.0.0, ~> 8.1.0

Release

Tag releases as vX.Y.Z; GitHub Actions publishes the gem to RubyGems.

License

MIT

About

πŸ”Œ OmniAuth strategy for Spotify OAuth2 authentication

rubygems.org/gems/omniauth-spotify

Topics

ruby rails spotify gem omniauth oauth2 authentication oauth-provider omniauth-strategy

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

66 stars

Watchers

4 watching

Forks

25 forks
Report repository

Releases

13 tags

Contributors

Languages