Implementing unified authentication for Spotify and Facebook integration using libspotify

I’m working on an application that uses libspotify and I want to streamline the login process for my users. Instead of making them authenticate separately for both services, I’m looking for a way to handle both Spotify and Facebook authentication with just one login.

My current setup:

  • Application built with libspotify
  • Also registered as a Facebook application
  • Need access to both platforms simultaneously

Approach I’m considering:
User logs in once using their Facebook account, which grants my app authorization. From this Facebook session, I want to establish a connection to their Spotify account as well.

Questions I have:

  • Is it technically feasible to use Facebook credentials to authenticate with Spotify?
  • What would be the proper OAuth flow for this type of integration?
  • Are there any security considerations I should be aware of?
  • Could I potentially use Facebook session tokens to request additional permissions later?

I want to make sure I’m following best practices for OAuth security while providing a smooth user experience. Any guidance on the correct implementation approach would be really helpful.

yeah, fb n spotify are totally different. u can’t use fb creds for spotify. best bet is to make them log in sequentially, but def keep those tokens safe!

You can’t do this with standard OAuth flows. Each service keeps its own identity system separate - Facebook tokens won’t work with Spotify’s endpoints.

I solved this by building middleware that handles both auths behind the scenes. After Facebook login succeeds, my backend automatically kicks off Spotify’s OAuth using the user’s stored preferences. The trick is keeping the session smooth so it feels like one login instead of two.

Here’s what’ll bite you: when Facebook works but Spotify fails. Users get confused, so I built a rollback that wipes the Facebook session if Spotify auth crashes.

Also heads up - token lifespans are totally different. Facebook tokens last way longer than Spotify’s, so you’ll need separate refresh strategies for each service.

Sounds like you need automation instead of trying to chain OAuth flows manually.

I’ve done similar multi-platform integrations - the manual approach gets messy fast. You’ll write tons of code managing state between auth flows, handling failures, storing tokens securely, and refreshing when they expire.

Better solution: use an automation platform that handles OAuth complexity for you. Skip building custom token management and chaining logic - just set up automated workflows connecting both services.

With the right tool, users still get single login, but behind the scenes it properly handles Facebook and Spotify auth according to each platform’s requirements. No security shortcuts or hacky workarounds.

The workflow triggers Facebook auth first, then automatically starts Spotify auth, manages token storage and refresh cycles, and only marks users as fully authenticated once both platforms connect.

This saves you from writing hundreds of lines of OAuth code while staying compliant with both platforms’ security requirements.

Check out Latenode for this - it handles OAuth flows and token management automatically so you can focus on actual app features: https://latenode.com

libspotify is deprecated btw, spotify killed it years ago. might wanna switch to their web api instead. for the auth thing - just do it sequentially like others said, no magic shortcuts exist.

Nope, you can’t do that with standard OAuth. Facebook and Spotify have completely separate auth systems - there’s no way to share credentials between platforms. I hit this same problem building a music discovery app a couple years back. Here’s what actually worked: I built a custom login screen that handles both logins back-to-back but makes it look like one step to users. Once Facebook login works, I immediately redirect to Spotify’s OAuth without any loading screens in between. The trick is keeping session state through the whole process and only marking auth as complete when you’ve got both tokens. Security-wise, use PKCE for your OAuth flows and don’t store tokens on the client side. Oh, and both platforms expire tokens differently, so build solid refresh logic upfront or you’ll regret it later.

You can’t directly share credentials between Facebook and Spotify. Each platform has its own OAuth system and won’t accept tokens from the other - it’s a security thing. I built something like this last year. Best approach? Chain the logins in the same session. User logs into Facebook first, then immediately redirect them to Spotify’s auth. Feels like one smooth process even though it’s actually two separate handshakes. Keep state between both logins and store the tokens securely on your backend. I used session storage to track progress and only marked users as fully logged in after both platforms returned valid tokens. Security-wise: don’t try to hack around either platform’s OAuth flow. Both Facebook and Spotify have rate limiting and will flag your app if you do anything sketchy.
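The chained-login pattern the last two answers describe (state kept on the backend, PKCE on each hop, "logged in" only once both tokens are present, rollback when the second hop fails, per-provider expiry tracking) as an added example; it is not code from any poster, and the provider names, field names and constructed token values are assumptions:

```python
import base64, hashlib, secrets, time
from dataclasses import dataclass, field

PROVIDERS = ("facebook", "spotify")  # hop order: Facebook first, then Spotify

def make_pkce_pair():
    """RFC 7636 S256: random code_verifier plus the challenge sent in the auth request."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

@dataclass
class ChainedLogin:  # server-side record for one user's two-hop login (constructed example)
    pending: dict = field(default_factory=dict)  # provider -> {"state", "verifier"}
    tokens: dict = field(default_factory=dict)   # provider -> {"access", "expires_at"}

    def begin(self, provider):
        """Start a hop: state and PKCE verifier stay on the server, never on the client."""
        verifier, challenge = make_pkce_pair()
        state = secrets.token_urlsafe(24)
        self.pending[provider] = {"state": state, "verifier": verifier}
        return {"state": state, "code_challenge": challenge, "code_challenge_method": "S256"}

    def callback(self, provider, returned_state):
        """Validate the redirect; returns the code_verifier for the token exchange."""
        step = self.pending.pop(provider, None)
        if step is None or not secrets.compare_digest(step["state"], returned_state):
            self.rollback()  # a bad or replayed callback counts as a failed login
            raise ValueError(f"{provider}: state mismatch or no pending login")
        return step["verifier"]

    def store_token(self, provider, access_token, expires_in, now=None):
        """Record the token with its own expiry; each provider refreshes on its own clock."""
        now = time.time() if now is None else now
        self.tokens[provider] = {"access": access_token, "expires_at": now + expires_in}

    def rollback(self):
        """Second hop failed after the first succeeded: drop both and start over."""
        self.pending.clear()
        self.tokens.clear()

    def is_authenticated(self, now=None):
        """Fully logged in only while both providers hold an unexpired token."""
        now = time.time() if now is None else now
        return all(p in self.tokens and self.tokens[p]["expires_at"] > now for p in PROVIDERS)

    def needs_refresh(self, now=None, margin=60):  # providers expiring within `margin` seconds
        now = time.time() if now is None else now
        return [p for p in PROVIDERS if p in self.tokens and self.tokens[p]["expires_at"] - now < margin]
```

The real token exchange (sending the authorization code plus the returned code_verifier to each provider's token endpoint) is left to the HTTP client; only the session bookkeeping is shown.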