I have a wordpress plugin that is working since this january, It displays on a web page the title and author of the song currently playing on my spotify account. Suddenly a couple of days ago it stopped working; the reason is the Autherization Code Flow does not complete anymore: the first part (getting an auth code through the "authorize" endpoint) is ok. Then the callback tries to use the code received doing an http post to the "token" endpoint but ends with a timeout
...preparing parameters
$state = $_GET['state']; /* this is a verified nonce */
$code = $_GET['code']; /* this is the auth code received from "authorize" */
$client_id = get_option($this->client_id_option);
$client_secret = get_option($this->client_secret_option);
$redirect_uri = admin_url('options-general.php?page=spotify-token-manager');
...posting to the "token" endpoint
$response = wp_remote_post('https://accounts.spotify.com/api/token', [
'headers' => [
'Authorization' => 'Basic ' . base64_encode($client_id . ':' . $client_secret),
'Content-Type' => 'application/x-www-form-urlencoded'
],
'body' => [
'grant_type' => 'authorization_code',
'code' => $code,
'redirect_uri' => $redirect_uri,
'state' => $state
]
]);
Then $response is an error
{"errors":{"http_request_failed":["cURL error 28: Connection timed out after 5001 milliseconds"]},"error_data":[]}
More, if I use the same parameter values in a curl statement from the command line all works ok and I get a token with its refresh token. I do not understand what happened being the code unchanged.
EDIT
Seems it is an infrastructure problem, not code related; IPv6, DNS, load balancers, content filters and the like... As soon as my ISP give me the answer I'll post it here
The problem was caused by a change in the security policies of our ISP: they blacklisted the IP address of accounts.spotify.com because many of their servers were targeted with multiple connections to unusual TCP ports coming from that IP.
Not a code problem.