I am working on the Jammming project for the Full Stack developer path.
I spent the past few days reading the documentation and researching the authentication flow for this project. As a matter of fact, in the Spotify documentation, it is recommended to use the Authorization Code with PKCE flow “for a single page web app, or any other type of application where the client secret can’t be safely stored”.
My first question is: does Jammming belong to this category of projects?
I decided to go with the Authorization Code with PKCE flow but, after implementing all the methods outlined by the tutorial, I kept getting errors when trying to retrieve the access token.
That’s when I had the aha moment and understood that this authorization flow needs a server to run in order to work.
My second question then: is having a server necessary for this type of application, or is it overkill?
I don’t want to over-engineer the code for this project, but I am interested in understanding why Spotify recommends this flow.
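The two requests of the Authorization Code with PKCE flow mentioned above, as an added example that is not part of the original post or of the Spotify tutorial: it builds the code verifier, the S256 challenge, the authorize URL and the token request body, which carries `code_verifier` and no client secret. The function names and the client ID and redirect URI values passed in are assumptions, and Node's `crypto` module stands in for the browser's Web Crypto API so the block runs offline.

```javascript
// Added example (not Spotify's code): PKCE per RFC 7636, using Node's crypto.
const crypto = require('node:crypto');

const AUTHORIZE_URL = 'https://accounts.spotify.com/authorize';
const b64url = (buf) => buf.toString('base64url'); // unpadded, URL-safe

// High-entropy secret kept only in this client; 64 bytes -> 86 chars (43..128 allowed).
function createCodeVerifier() {
  return b64url(crypto.randomBytes(64));
}

// code_challenge = BASE64URL(SHA256(code_verifier))
function codeChallengeS256(verifier) {
  return b64url(crypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// Step 1: the user is sent to the authorize endpoint with the challenge only.
function buildAuthorizeUrl({ clientId, redirectUri, scope, state, challenge }) {
  const params = new URLSearchParams({
    client_id: clientId,
    response_type: 'code',
    redirect_uri: redirectUri,
    scope,
    state,
    code_challenge_method: 'S256',
    code_challenge: challenge,
  });
  return `${AUTHORIZE_URL}?${params}`;
}

// Step 2: form body for the token request; the verifier proves this client
// started the flow, so no client_secret field is present.
function buildTokenRequestBody({ clientId, redirectUri, code, verifier }) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: redirectUri,
    client_id: clientId,
    code_verifier: verifier,
  });
}

// The comparison RFC 7636 asks the authorization server to make at step 2.
function serverAcceptsVerifier(storedChallenge, verifier) {
  const a = Buffer.from(storedChallenge);
  const b = Buffer.from(codeChallengeS256(verifier));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}
```

The verifier has to be the same value at both steps, so it must be stored (for example in `localStorage`) before the redirect and read back when the app loads with `?code=...`.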