About This Project
This page extends the Spotify pipeline into a full multi-user application. Visitors can securely authorize their own Spotify accounts using OAuth 2.0 with PKCE (Proof Key for Code Exchange)—an industry-standard flow where your Spotify credentials are never shared with this application. Upon authorization, the serverless backend fetches your personal listening data (top artists, albums, recently played tracks, and genre breakdowns) directly from the Spotify API and returns it for display.
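To make the PKCE step concrete, here is an added example (not code from this project) of the two halves of the flow the paragraph describes: the backend generates a `code_verifier`, keeps it server-side, and sends only the S256 `code_challenge` to the authorization server; at token exchange the server recomputes the challenge from the presented verifier. The simulated flow, the in-memory session dict standing in for the DynamoDB table, and all token values are constructed for illustration.

```python
import base64
import hashlib
import secrets


def b64url(data: bytes) -> str:
    # RFC 7636 uses base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    # 32 random bytes -> 43 base64url chars, inside the 43..128 range RFC 7636 requires.
    return b64url(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str) -> str:
    # S256 method: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_code_challenge(verifier: str, challenge: str) -> bool:
    # Authorization-server side of the token endpoint: recompute and compare in constant time.
    return secrets.compare_digest(make_code_challenge(verifier), challenge)


def simulate_pkce_flow() -> dict:
    """Constructed, offline walk-through of the authorize/token exchange (no network)."""
    sessions = {}  # hypothetical stand-in for the server-side (DynamoDB) session store

    # 1. Backend starts login: the verifier never leaves the server; only the challenge is sent.
    session_id = secrets.token_urlsafe(16)
    verifier = make_code_verifier()
    sessions[session_id] = {"code_verifier": verifier}
    authorize_params = {
        "code_challenge": make_code_challenge(verifier),
        "code_challenge_method": "S256",
    }

    # 2. Authorization server (simulated) issues a code bound to that challenge.
    issued_code = secrets.token_urlsafe(24)
    pending_codes = {issued_code: authorize_params["code_challenge"]}

    # 3. Token exchange: the code alone is not enough; the matching verifier is required.
    redeemed = verify_code_challenge(sessions[session_id]["code_verifier"], pending_codes[issued_code])
    # A party holding only the code (and a different verifier) is rejected.
    rejected = verify_code_challenge(make_code_verifier(), pending_codes[issued_code])
    return {"with_verifier": redeemed, "code_only": rejected}
```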
Under the hood, the architecture demonstrates several production-grade patterns: server-side session management via DynamoDB with automatic TTL expiration, envelope encryption of OAuth tokens using AWS KMS, least-privilege IAM policies ensuring each Lambda invocation can only access the requesting user’s data, and HttpOnly secure cookies for session transport—eliminating client-side token exposure entirely.
The app also features an intelligent playlist engine that builds personalized playlists by combining your app-recorded play history with Spotify’s recommendation API. Users can tune their preferences—timeframe, genre selections, and exclusion filters—and save curated playlists directly to their Spotify account.
Tech stack: Python · AWS Lambda · API Gateway · DynamoDB · KMS · S3 · CloudFront · Spotify OAuth 2.0 (PKCE) · Terraform · JavaScript
🔒 Invite-Only Demo
This Spotify integration is currently in demo mode with limited access. To try it out, submit a request below and you’ll be notified once approved.