I encountered a similar issue previously while developing a tool that interacted with the Spotify API. Your approach to handling rate limiting appears solid, but it seems that the core issue lies in how you manage your OAuth session. Each time you initialize spotipy, it’s possible that a new authorization is being requested, which can conflict with the rate limits imposed by Spotify. It’s advisable to create your Spotify client instance once and reuse it throughout your application, thereby maintaining a consistent authenticated session. Additionally, keep in mind that Spotify enforces stricter limits for newer developer accounts. Make sure to review your app status in the developer dashboard. Lastly, consider using user_playlist_tracks without the username, as this parameter has been deprecated in some updates. A helpful hint: when you receive a 429 error, the retry-after header can provide a precise wait time, which can be more effective than the exponential backoff approach you are currently using.