arctic: [BUG] spotify.validateAuthorizationCode(code) return Error 405: Method Not Allowed

I followed the docs to implement Spotify OAuth with Arctic and Multiple OAuth providers with Lucia and when using the spotify.validateAuthorizationCode(code) function to get the tokens, I have a 405 error Method Not Allowed

Capture d’écran 2024-02-20 à 14 21 05

I used the code from the Spotify documentation and it works:

const response = await fetch('https://accounts.spotify.com/api/token', {
	method: 'POST',
	headers: {
		'Content-Type': 'application/x-www-form-urlencoded',
		Authorization: `Basic ${VITE_BASIC_TOKEN}`
	},
	body: new URLSearchParams({
		code: code || '',
		redirect_uri: `${VITE_BASE_URL}/login/spotify/callback`,
		grant_type: 'authorization_code',
		code_verifier: storedState || '',
		client_id: VITE_SPOTIFY_CLIENT_ID
	})
});
const tokens = await response.json();

About this issue

Original URL
State: closed
Created 4 months ago
Comments: 21 (9 by maintainers)

Most upvoted comments

I think this is a bun related issue, using the discord oauth client I receive the same error, the it appears to be a bug with bun’s Request object not using the proper method

broken:
const request = new Request(this.tokenEndpoint, {
   method: "POST",
   headers,
   body
});

fetch(request);
working:
const response = await fetch(this.tokenEndpoint, {
   method: "POST",
   headers,
   body
});
if you run the broken code on bun you will receive a 405, so my assumption is some bun bug doesn’t pass the req method correctly and it just uses a get request… ( i modified this in node_modules/arctic/node_modules/oslo/dist/oauth2/index.js:106:9 )

Oh nice catch, I’m using Bun too, first project I am using it, and haven’t thought about that possibility. Maybe it’s a bit too soon to try bun on projects even after 1.0 then 😅.

Thomasevano on Feb 26, 2024