`auth_manager=SpotifyOAuth(` causes indefinite hanging if provided with invalid client id or secret

[Lightningtow]

Describe the bug
When there's no valid .cache file for Spotipy to draw from, and an invalid client ID or secret is provided to the authorization code flow, when you next use the sp object, the code opens a webpage that says INVALID_CLIENT: Invalid client and then hangs indefinitely. A try/except does nothing.

If provided with an invalid callback URI (regardless of the validity of the client ID and secret), it will throw an error when you enter the URL you were sent to, so you're able to try/except as normal.

Your code

print("authing")  # behaves the same if you use environment variables instead of hardcoding
sp = spotipy.Spotify(auth_manager=SpotifyOAuth(client_id='invalid id', 
                                   client_secret='invalid secret',
                                   redirect_uri='http://localhost:8080',  # this part is valid
                                   scope=SCOPES))   # this is also valid
print("after auth request")
sp.me()  # also tested with `sp.playlist_items()` and `sp.track`, they all behave the same
print("end authing")

Expected behavior
If provided with an invalid client ID and/or secret, it should throw an error, one that can be properly caught with a try/except.
Seems the error would be better placed on the sp = spotipy line of code, but would work fine if it instead threw when it got used next, in this case sp.me(). Doesn't really matter, as long as it gives an error that can be caught.

Output
Running the above code results in this:

authing
after auth request

and then indefinite hanging. The behavior is exactly the same even if you use try/except around both statements, or if only one ID/secret is invalid.

Environment:

• OS: Windows
• Python version: 3.9
• Spotipy version 2.12.0 2.22.1 (typo)
• IDE: Pycharm

Additional context
Not part of the bug report, but does anyone know an option besides A) bundle my app's client secret with the rest of my code and distribute it with cx_Freeze, which is no bueno lmao, or B) force my users to make their own app and provide their own IDs and secrets? I chose option B, which is why I'm making the above bug report rn, because I can't assume that my end user will provide valid IDs or secrets.

[stephanebruckert]

Haven't tried it yet, but I see you are using quite an old version of spotipy, could you please upgrade and confirm the problem persists?

[Lightningtow]

Haven't tried it yet, but I see you are using quite an old version of spotipy, could you please upgrade and confirm the problem persists?

That was a typo, sorry. I'm using 2.22.1

[BigAtomikku]

Bump. I am also experiencing this. I would like to be able to handle it as it causes my program to hang and I cannot find a way to handle it as spotipy provides no exceptions, just hangs.

[stephanebruckert]

@dieser-niko do you know if this is the same as https://github.com/spotipy-dev/spotipy/blob/master/FAQ.md#my-application-is-not-responding ? and if the warning from #1134 should be displayed in this case?

@BigAtomikku you could try the suggestion from the FAQ to raise an error rather than indefinitely retrying, which hopefully will also give us more info.

[BigAtomikku]

@dieser-niko do you know if this is the same as https://github.com/spotipy-dev/spotipy/blob/master/FAQ.md#my-application-is-not-responding ? and if the warning from #1134 should be displayed in this case?

@BigAtomikku you could try the suggestion from the FAQ to raise an error rather than indefinitely retrying, which hopefully will also give us more info.

I tried an invalid client_id with:

redirect_uri = "http://127.0.0.1:5000/callback"
scope = "user-read-playback-state"

print("Begin")
auth_manager = spotipy.SpotifyPKCE(client_id=client_id, redirect_uri=redirect_uri, scope=scope)
print("1")
spotify = spotipy.Spotify(auth_manager=auth_manager, retries=0)
print("2")
spotify.current_playback()
print("3")

and still no luck. It never reached print("3") or provided an error. Just sits there

[dieser-niko]

I guess that spotipy is waiting for a never incoming request from the browser. It just prepares the URL for the browser and that's it. There's no check if the URL is valid or not. At least that's what I'm seeing without looking at the code.

[dieser-niko]

The thing is, we won't know if it throws an error on the website because it doesn't redirect the user to the redirect_uri. There also doesn't seem to be a universal way to verify the client credentials.

What we/the user could do would be to use SpotifyClientCredentials before anything to make sure the credentials are correct.

As for spotipy, I think we could make sure that the http server can be cancelled with Ctrl + C or similar.
Alternatively we could use flask or bottle since they can handle a KeyboardInterrupt.

[BigAtomikku]

I created a pull request where I have fixed the issue for my use case at least.