Jammming project - Implicit Grant Flow VS Authorization Code

I am working on the Jammming project for the Full Stack developer path.
I spent the past few days reading the documentation and researching about the authentication flow for this project. As a matter of fact, in the Spotify documentation, it is recommended to use the Authorization code with PKCE flow “for a single page web app, or any other type of application where the client secret can’t be safely stored”.

My first question is: does Jammming belong to this category of projects?

I decided to go with the Authorization Code with PKCE flow but, after implementing all the methods outlined by the tutorial, I kept getting errors when trying to retrieve the access token.
That’s when I had the aha moment and understood that this authorization flow needs a server to run in order to work

My second question then: is having a server necessary for this type of application or it is an overkill?

I don’t want to over engineer the code for this project but I am interested to understand why Spotify recommends this flow.

Hi @rossellaf

Thank you for your question! I just started doing same project and it gives me some head-ups :slight_smile:
Of course the answer for your first question is YES - React is mainly used to create SPA (Single Page App).

For the second question - we haven’t reached back end yet - i think it’s an overkill to have server :slight_smile:
I plan to use my git-hub account to show my app when i finish.

Kind Regards and good luck