Demo_MCP_Server_Spotify

Running

App Files Files Community

Demo_MCP_Server_Spotify / MCP_instructions.md

pharmaia

Update MCP_instructions.md

8968f43 verified about 12 hours ago

preview code

raw

history blame contribute delete

4.33 kB

	---
	title: Demo MIT - MCP Server
	emoji: 💻
	colorFrom: green
	colorTo: gray
	sdk: gradio
	sdk_version: 5.29.0
	app_file: app.py
	pinned: false
	---
	---

	# Spotify MCP Server

	Spotify MCP (Model Context Protocol) server, implemented with FastAPI + FastMCP.
	It authenticates a Spotify account via OAuth2 and exposes MCP tools to query profile data, search tracks, read library/recent playback, and manage playlists.

	## Target Deployment (Hugging Face)

	This server runs in the Space:

	- `pharmaia/Demo_MCP_Server_Spotify`
	- https://huggingface.co/spaces/pharmaia/Demo_MCP_Server_Spotify

	Public base URL:

	- `https://pharmaia-demo-mcp-server-spotify.hf.space`

	Public MCP SSE endpoint:

	- `https://pharmaia-demo-mcp-server-spotify.hf.space/gradio_api/mcp/sse`

	## General Architecture

	- `FastAPI` exposes HTTP endpoints for healthcheck and OAuth flow.
	- `FastMCP` registers MCP tools and publishes them over SSE.
	- `httpx` performs calls to Spotify Accounts API (tokens) and Spotify Web API (data/actions).
	- `spotify_tokens.json` (or a configurable path) stores tokens and expiration metadata.

	## Authentication Flow

	1. The client opens `/auth/login`.
	2. The server generates an anti-CSRF `state` and redirects to Spotify `/authorize`.
	3. Spotify redirects to `/auth/callback` with `code` + `state`.
	4. The server validates `state`, exchanges `code` for tokens, and saves them.
	5. MCP tools use the stored token; if expired, the server attempts automatic refresh.

	## HTTP Endpoints (Production)

	- `GET /`: basic service metadata and useful routes.
	- `GET /health`: simple status (`ok`).
	- `GET /auth/status`: local token status.
	- `GET /auth/reset`: removes local token (forces re-authentication).
	- `GET /auth/login?force=true`: starts OAuth (with consent dialog).
	- `GET /auth/callback`: Spotify OAuth callback.
	- `SSE /gradio_api/mcp/sse`: MCP SSE transport (mounted by FastMCP).

	## Main MCP Tools

	- `spotify_auth_status`: authentication status.
	- `spotify_get_auth_url`: direct OAuth authorization URL.
	- `spotify_get_my_profile`: current user profile.
	- `spotify_search_tracks`: track search.
	- `spotify_list_saved_tracks`: saved tracks.
	- `spotify_list_recently_played`: recently played tracks.
	- `spotify_get_top_tracks`: top tracks by time range.
	- `spotify_check_saved_tracks`: checks whether tracks are saved.
	- `spotify_save_tracks` / `spotify_remove_saved_tracks` / `spotify_set_tracks_saved`.
	- `spotify_list_my_playlists`: user playlists.
	- `spotify_create_playlist`: create playlist.
	- `spotify_add_items_to_playlist`: add items.
	- `spotify_update_playlist_details`: update metadata.
	- `spotify_replace_playlist_items`: replace content.
	- `spotify_delete_playlist`: delete (unfollow) playlist.

	## Environment Variables (Hugging Face Spaces)

	Configure in Space Settings > Variables and secrets:

	- `SPOTIFY_CLIENT_ID`
	- `SPOTIFY_CLIENT_SECRET`
	- `SPOTIFY_REDIRECT_URI` = `https://pharmaia-demo-mcp-server-spotify.hf.space/auth/callback`
	- `SPOTIFY_SCOPES` (optional; the server appends required scopes)
	- `SPOTIFY_TOKEN_FILE` (optional; default `spotify_tokens.json`)
	- `MCP_PUBLIC_SSE_URL` = `https://pharmaia-demo-mcp-server-spotify.hf.space/gradio_api/mcp/sse`
	- `PORT` (optional; default `7860`)

	Important: in Spotify Developer Dashboard, the Redirect URI must match exactly:

	- `https://pharmaia-demo-mcp-server-spotify.hf.space/auth/callback`

	## Production Usage (HF Space)

	1. Open OAuth login:

	- `https://pharmaia-demo-mcp-server-spotify.hf.space/auth/login`

	2. Complete Spotify consent.
	3. Check status:

	- `https://pharmaia-demo-mcp-server-spotify.hf.space/auth/status`

	4. Connect MCP client to the public SSE endpoint:

	- `https://pharmaia-demo-mcp-server-spotify.hf.space/gradio_api/mcp/sse`

	## Local Run (Optional)

	1. Install dependencies:

	```bash
	pip install -r requirements.txt
	```

	2. Start the server:

	```bash
	python app.py
	```

	3. Open in browser:

	- `http://localhost:7860/auth/login`

	4. Connect MCP client to local SSE endpoint:

	- `http://localhost:7860/gradio_api/mcp/sse`

	## Design Notes

	- The server keeps OAuth state in memory with TTL to prevent callback replay.
	- Scopes are validated for sensitive playlist operations.
	- Spotify IDs/URIs/URLs are normalized before API calls.
	- Spotify responses are transformed into compact payloads for MCP tool consumption.