Skip to content

feat: PKCE auth flow + custom Client ID #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
0Chencc merged 1 commit into from
Feb 8, 2026
Merged

feat: PKCE auth flow + custom Client ID #12

0Chencc merged 1 commit into from
Feb 8, 2026
+742 −2,977

Conversation

@0Chencc
Copy link
Owner

@0Chencc 0Chencc commented Feb 8, 2026

Summary

  • PKCE Migration: Replace Authorization Code Flow with PKCE, removing client_secret requirement entirely. Default client_id hardcoded in AppConfig, setup guide screen removed for zero-config onboarding.
  • Custom Client ID: Users can override the default Client ID via Settings > Advanced Options or directly on the Login screen (accessible even when rate-limited). All auth/token/playback code unified through effectiveSpotifyClientIdProvider.
  • TokenRefreshService rebuild: Lazy singleton is automatically rebuilt when client_id changes, tracked via _lastTokenRefreshClientId.

Changes

  • AppConfig: added default spotifyClientId
  • OAuthService: PKCE flow with code_verifier / code_challenge
  • AuthRepositoryImpl / TokenRefreshService: accept clientId parameter instead of reading AppConfig directly
  • CredentialsLocalDataSource: added getCustomSpotifyClientId() / saveCustomSpotifyClientId() / clearCustomSpotifyClientId()
  • CredentialsProvider: added customSpotifyClientId state + effectiveSpotifyClientIdProvider
  • FocusSessionProvider / PlaybackProvider: replaced AppConfig.spotifyClientId with effectiveSpotifyClientIdProvider
  • LoginScreen: added Advanced Options section for pre-login Client ID configuration
  • ApiCredentialsSection: added collapsible Advanced Options with save/clear + re-auth prompt
  • L10n: 8 new keys across zh/en/ja
  • Removed setup_guide_screen.dart, updated READMEs, added iOS screenshot

Test plan

  • Default flow: fresh install → login with built-in Client ID → playback works
  • Custom Client ID (Settings): set custom ID → prompted to re-login → authorize with new ID → playback works
  • Custom Client ID (Login screen): set custom ID before login → login → works
  • Clear custom ID → reverts to default → re-login required
  • Token refresh uses correct Client ID after switch
  • macOS + iOS: SharedPreferences persistence works for custom Client ID

@0Chencc
feat: migrate to PKCE auth flow with custom Client ID support
0a71bfc 
- Replace Authorization Code Flow with PKCE (no client_secret needed)
- Hardcode default client_id in AppConfig, remove setup guide screen
- Add custom Client ID option in Settings > Advanced Options and Login screen
- Unify all auth/token/playback code via effectiveSpotifyClientIdProvider
- TokenRefreshService rebuilds when client_id changes
- Add l10n keys for zh/en/ja
- Add iOS screenshot, update READMEs
@0Chencc 0Chencc merged commit 2d4612d into main Feb 8, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

application config core data dependencies documentation Improvements or additions to documentation i18n ui

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@0Chencc