A newer version of the Gradio SDK is available: 6.12.0
metadata
title: Demo MIT - MCP Server
emoji: 💻
colorFrom: green
colorTo: gray
sdk: gradio
sdk_version: 5.29.0
app_file: app.py
pinned: false
Spotify MCP Server
Spotify MCP (Model Context Protocol) server, implemented with FastAPI + FastMCP. It authenticates a Spotify account via OAuth2 and exposes MCP tools to query profile data, search tracks, read library/recent playback, and manage playlists.
Target Deployment (Hugging Face)
This server runs in the Space:
pharmaia/Demo_MCP_Server_Spotify- https://huggingface.co/spaces/pharmaia/Demo_MCP_Server_Spotify
Public base URL:
https://pharmaia-demo-mcp-server-spotify.hf.space
Public MCP SSE endpoint:
https://pharmaia-demo-mcp-server-spotify.hf.space/gradio_api/mcp/sse
General Architecture
FastAPIexposes HTTP endpoints for healthcheck and OAuth flow.FastMCPregisters MCP tools and publishes them over SSE.httpxperforms calls to Spotify Accounts API (tokens) and Spotify Web API (data/actions).spotify_tokens.json(or a configurable path) stores tokens and expiration metadata.
Authentication Flow
- The client opens
/auth/login. - The server generates an anti-CSRF
stateand redirects to Spotify/authorize. - Spotify redirects to
/auth/callbackwithcode+state. - The server validates
state, exchangescodefor tokens, and saves them. - MCP tools use the stored token; if expired, the server attempts automatic refresh.
HTTP Endpoints (Production)
GET /: basic service metadata and useful routes.GET /health: simple status (ok).GET /auth/status: local token status.GET /auth/reset: removes local token (forces re-authentication).GET /auth/login?force=true: starts OAuth (with consent dialog).GET /auth/callback: Spotify OAuth callback.SSE /gradio_api/mcp/sse: MCP SSE transport (mounted by FastMCP).
Main MCP Tools
spotify_auth_status: authentication status.spotify_get_auth_url: direct OAuth authorization URL.spotify_get_my_profile: current user profile.spotify_search_tracks: track search.spotify_list_saved_tracks: saved tracks.spotify_list_recently_played: recently played tracks.spotify_get_top_tracks: top tracks by time range.spotify_check_saved_tracks: checks whether tracks are saved.spotify_save_tracks/spotify_remove_saved_tracks/spotify_set_tracks_saved.spotify_list_my_playlists: user playlists.spotify_create_playlist: create playlist.spotify_add_items_to_playlist: add items.spotify_update_playlist_details: update metadata.spotify_replace_playlist_items: replace content.spotify_delete_playlist: delete (unfollow) playlist.
Environment Variables (Hugging Face Spaces)
Configure in Space Settings > Variables and secrets:
SPOTIFY_CLIENT_IDSPOTIFY_CLIENT_SECRETSPOTIFY_REDIRECT_URI=https://pharmaia-demo-mcp-server-spotify.hf.space/auth/callbackSPOTIFY_SCOPES(optional; the server appends required scopes)SPOTIFY_TOKEN_FILE(optional; defaultspotify_tokens.json)MCP_PUBLIC_SSE_URL=https://pharmaia-demo-mcp-server-spotify.hf.space/gradio_api/mcp/ssePORT(optional; default7860)
Important: in Spotify Developer Dashboard, the Redirect URI must match exactly:
https://pharmaia-demo-mcp-server-spotify.hf.space/auth/callback
Production Usage (HF Space)
- Open OAuth login:
https://pharmaia-demo-mcp-server-spotify.hf.space/auth/login
- Complete Spotify consent.
- Check status:
https://pharmaia-demo-mcp-server-spotify.hf.space/auth/status
- Connect MCP client to the public SSE endpoint:
https://pharmaia-demo-mcp-server-spotify.hf.space/gradio_api/mcp/sse
Local Run (Optional)
- Install dependencies:
pip install -r requirements.txt
- Start the server:
python app.py
- Open in browser:
http://localhost:7860/auth/login
- Connect MCP client to local SSE endpoint:
http://localhost:7860/gradio_api/mcp/sse
Design Notes
- The server keeps OAuth state in memory with TTL to prevent callback replay.
- Scopes are validated for sensitive playlist operations.
- Spotify IDs/URIs/URLs are normalized before API calls.
- Spotify responses are transformed into compact payloads for MCP tool consumption.