spotify
diff --git a/Diff for: ‎README.md
+5-4 b/Diff for: ‎README.md
+5-4
diff --git a/Diff for: ‎authentication/README.md
-35 b/Diff for: ‎authentication/README.md
-35
diff --git a/Diff for: ‎authentication/client_credentials/app.js
-43 b/Diff for: ‎authentication/client_credentials/app.js
-43
diff --git a/Diff for: ‎authentication/package.json
-13 b/Diff for: ‎authentication/package.json
-13
diff --git a/Diff for: ‎authentication/.gitignore renamed to ‎authorization/.gitignore b/Diff for: ‎authentication/.gitignore renamed to ‎authorization/.gitignore
diff --git a/Diff for: ‎authorization/authorization_code/README.md
+27 b/Diff for: ‎authorization/authorization_code/README.md
+27
diff --git a/Diff for: ‎authentication/authorization_code/app.js renamed to ‎authorization/authorization_code/app.js
+23-24 b/Diff for: ‎authentication/authorization_code/app.js renamed to ‎authorization/authorization_code/app.js
+23-24
@@ -2,8 +2,9 @@
 
 ## Contents
 
-- [Authentication examples](/authentication/)
-    - [Authorization code]( /authentication/authorization_code/)
-    - [Client Credentials](/authentication/client_credentials)
-    - [Implicit Grant](/authentication/implicit_grant/)
+- Authorization examples
+    - [Authorization Code]( /authorization/authorization_code/)
+    - [Authorization Code with PKCE extension]( /authorization/authorization_code_pkce/)
+    - [Client Credentials](/authorization/client_credentials)
+    - [Implicit Grant](/authorization/implicit_grant/)
 - [Get User Profile example](/get_user_profile/)
@@ -0,0 +1,27 @@
+# Spotify Authorization Code example
+
+This app displays your Spotify profile information using [Authorization Code](https://developer.spotify.com/documentation/web-api/tutorials/code-flow)
+to grant permissions to the app.
+
+## Installation
+
+This example runs on Node.js. On [its website](http://www.nodejs.org/download/) you can find instructions on how to install it.
+
+Install the app dependencies running:
+
+    $ npm install
+
+## Using your own credentials
+
+You will need to register your app and get your own credentials from the [Spotify for Developers Dashboard](https://developer.spotify.com/dashboard).
+
+- Create a new app in the dashboard and add `http://localhost:8888/callback` to the app's redirect URL list.
+- Once you have created your app, update the `client_id`, `redirect_uri`, and `client_secret` in the `app.js` file with the credentials obtained from the app settings in the dashboard.
+
+## Running the example
+
+From a console shell:
+
+    $ npm start
+
+Then, open `http://localhost:8888` in a browser.
@@ -4,33 +4,27 @@
  * the Spotify Accounts.
  *
  * For more information, read
- * https://developer.spotify.com/web-api/authorization-guide/#authorization_code_flow
+ * https://developer.spotify.com/documentation/web-api/tutorials/code-flow
  */
 
-var express = require('express'); // Express web server framework
-var request = require('request'); // "Request" library
+var express = require('express');
+var request = require('request');
+var crypto = require('crypto');
 var cors = require('cors');
 var querystring = require('querystring');
 var cookieParser = require('cookie-parser');
 
-var client_id = 'CLIENT_ID'; // Your client id
-var client_secret = 'CLIENT_SECRET'; // Your secret
-var redirect_uri = 'REDIRECT_URI'; // Your redirect uri
+var client_id = 'yourClientIDGoesHere'; // your clientId
+var client_secret = 'YourSecretIDGoesHere'; // Your secret
+var redirect_uri = 'http://localhost:8888/callback'; // Your redirect uri
 
-/**
- * Generates a random string containing numbers and letters
- * @param  {number} length The length of the string
- * @return {string} The generated string
- */
-var generateRandomString = function(length) {
-  var text = '';
-  var possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
 
-  for (var i = 0; i < length; i++) {
-    text += possible.charAt(Math.floor(Math.random() * possible.length));
-  }
-  return text;
-};
+const generateRandomString = (length) => {
+  return crypto
+  .randomBytes(60)
+  .toString('hex')
+  .slice(0, length);
+}
 
 var stateKey = 'spotify_auth_state';
 
@@ -81,7 +75,8 @@ app.get('/callback', function(req, res) {
         grant_type: 'authorization_code'
       },
       headers: {
-        'Authorization': 'Basic ' + (new Buffer(client_id + ':' + client_secret).toString('base64'))
+        'content-type': 'application/x-www-form-urlencoded',
+        Authorization: 'Basic ' + (new Buffer.from(client_id + ':' + client_secret).toString('base64'))
       },
       json: true
     };
@@ -121,11 +116,13 @@ app.get('/callback', function(req, res) {
 
 app.get('/refresh_token', function(req, res) {
 
-  // requesting access token from refresh token
   var refresh_token = req.query.refresh_token;
   var authOptions = {
     url: 'https://accounts.spotify.com/api/token',
-    headers: { 'Authorization': 'Basic ' + (new Buffer(client_id + ':' + client_secret).toString('base64')) },
+    headers: { 
+      'content-type': 'application/x-www-form-urlencoded',
+      'Authorization': 'Basic ' + (new Buffer.from(client_id + ':' + client_secret).toString('base64')) 
+    },
     form: {
       grant_type: 'refresh_token',
       refresh_token: refresh_token
@@ -135,9 +132,11 @@ app.get('/refresh_token', function(req, res) {
 
   request.post(authOptions, function(error, response, body) {
     if (!error && response.statusCode === 200) {
-      var access_token = body.access_token;
+      var access_token = body.access_token,
+          refresh_token = body.refresh_token;
       res.send({
-        'access_token': access_token
+        'access_token': access_token,
+        'refresh_token': refresh_token
       });
     }
   });