Hi,
Looking at your great card and I’m wondering a bit about the scopes that the .js file is requesting access to.
Why do you need access to all these scopes?
“user-read-private”, “user-read-email”, “playlist-read-private”, “user-read-birthdate”, “user-read-playback-state”, “user-modify-playback-state”
Why do you need access to “user-read-private”, “user-read-email” and “user-read-birthdate”?
Seems to me that you app should be able to do what it does(listing playlists and playing them on connected devices) without needing access to those scopes?
Please correct me if I’m wrong.
(Edit…)
Deleted my Spotify app on https://developer.spotify.com/, edited your .js file to only include scopes “playlist-read-private”, “user-read-playback-state”, “user-modify-playback-state”, and then I re-authenticated with Spotify(The scopes requested now, was only the 3 from the .js file, so the changes was picked up).
All is working fine, I’m able to see my playlists and devices and start playing on the devices, so I’m still wondering why you need access to private account info like email, username and birthday?
ping @fondberg