fix(apps): remove invalid user-personalized Spotify scope#15
Merged
Conversation
user-personalized is not a public Spotify Web API scope — the authorization endpoint rejects it with invalid_scope, breaking the OAuth callback with "Missing code or state parameter" for every reconnection attempt on v0.0.17. The remaining read scopes (email, private, library, playlists, top, recently-played, follow, playback-state, currently-playing, playback-position) cover all documented Spotify Web API reads. Signed-off-by: Radek Ježek <radek.jezek@ibm.com>
github-project-automation
bot
moved this from Backlog
to Done
in Kagenti Issue Prioritization
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
user-personalizedis not a valid public Spotify Web API scope. Despite appearing in a scope-reference page summary, Spotify's/authorizeendpoint rejects it withinvalid_scope, which redirects back without acode— producing "Connection failed — Missing code or state parameter" for every Spotify (re)connection on v0.0.17.Community confirmation: Spotify Community — Illegal scope.
Fix
Removes
user-personalizedfrom bothdefaultScopesandpermissions[]. Remaining 11 read scopes cover every public Spotify Web API read:user-read-email,user-read-private,user-library-read,playlist-read-private,playlist-read-collaborative,user-top-read,user-read-recently-played,user-follow-read,user-read-playback-state,user-read-currently-playing,user-read-playback-position.Test plan
pnpm --filter @onecli/web lint— cleanpnpm --filter @onecli/web check-types— cleancode/state,/mereturns 200