Spotify Token Revocation Update
If you were one of the thousands of people who read my previous post, there’s an update from Spotify regarding token revocation, and spoiler alert: they listened!
I just got an email notifying me of an update to this GitHub issue. One of the Spotify developers has replied that users will be able to revoke access tokens starting 9th of August, this year.
In non-technical terms, what does this mean?
Access tokens are special purpose “passwords” generated so that other developers’ applications can access your Spotify account. A token may permit an application to add/edit/delete playlists, for example, without needing your main password.
The issue was that Spotify did not implement a feature to revoke these tokens, effectively giving other applications permanent access to your account. Companies such as Google, Facebook and Twitter also allow third-party applications to access your accounts, but they all provide an easy-to-use interface for removing access at a later date.
This is the feature Spotify is soon going to enable, more precisely on August 9th. I highly recommend that you check what applications have access to your account, and revoke any that you no longer use or didn’t know you had ever granted access to.
Also, I’d like to say thank you, Spotify, for listening to my blog post, and the concerns of other developers on Hacker News and GitHub. Yes, not implementing this earlier was a scary oversight, but I’m happy to see you are now taking measures to rectify this.