Spotify Now Playing
A Spotify Now Playing widget displays the track your Spotify account is currently playing, with album art, controls, and live progress. WidgetCraft's Spotify widget uses PKCE OAuth — your token lives in your browser, never touches our servers — and embeds as a single iframe URL on widgetcraft.ai or any HTML page where the browser can complete the OAuth popup.
WidgetCraft's Spotify Now Playing widget is the only embeddable Spotify widget with real PKCE authentication. Click Connect, approve once in a popup, and your currently-playing track appears inline — album art, track title, artist, progress bar, and play/pause/skip controls that actually control your active Spotify device. There is no backend involved: the OAuth token is stored in your browser's localStorage, refreshed client-side, and never transmitted to WidgetCraft. You can embed it in a Notion daily note to mood-stamp your day, in an Obsidian vault to annotate journal entries with what you were listening to, or in a live stream overlay for public 'what's playing' badges. Requires a Spotify Premium account for playback control; all tiers support the read-only now-playing display. Track changes appear within 10 seconds while music is playing; when Spotify is paused or idle, the widget checks every 30 seconds to stay under the API rate limit — so stopping and restarting playback can take up to half a minute to reflect.
Questions, answered.
How does the Spotify widget authenticate without a backend?
The widget uses OAuth 2.0 with PKCE (Proof Key for Code Exchange), a flow designed for single-page apps that doesn't require a server-side client secret. The token lives in your browser's localStorage and refreshes itself when it expires.
Do I need a Spotify Premium account?
Premium is required for playback controls (play, pause, skip). The read-only 'now playing' display works with any Spotify account tier, including free.
Is my Spotify password or token ever sent to WidgetCraft's servers?
No. The entire OAuth flow happens in a popup window on Spotify's own domain, and the resulting token is stored locally in your browser. WidgetCraft has no backend; we never see or store your credentials.
What happens when I embed this widget in Notion?
The Spotify widget currently works best on widgetcraft.ai or your own web page, where the OAuth token can persist in the iframe's localStorage. Some sandboxed hosts (including Notion's /embed block) isolate iframe storage, so you may need to reconnect each time the page loads. For stable always-on playback, embed it on a page you control.
Can I use this widget on a stream or public page?
Yes, but be aware that the widget will show whatever is playing on the Spotify account that authorized it. For public/stream use, connect it with a dedicated streaming account, not your personal Spotify.
Why does the widget sometimes show 'Nothing playing'?
Spotify's API returns an empty response when no track is active, which happens in the brief moments between songs, when playback is paused with no active device, or when your account is being used elsewhere. The widget keeps polling (every 10 seconds while music is playing, every 30 seconds when Spotify is paused or idle) and updates on the next poll after something starts.
Why does it take a few seconds for track changes to show up?
The widget polls Spotify's `/me/player/currently-playing` endpoint every 10 seconds while music is playing and every 30 seconds when Spotify is paused or idle. That cadence is chosen to stay well under Spotify's per-token rate limits (which, once tripped, can pause the widget for minutes via a 429 response). So track changes appear within ~10s during active playback; pause-to-resume or starting a completely new session may take up to half a minute. This is a deliberate trade-off: tighter polling would run out of API budget and stop updating entirely.
Does the widget consume my Spotify API quota?
It polls the `/me/player/currently-playing` endpoint at a cadence that honors Spotify's rate limits (every 10s while playing, every 30s when idle). If Spotify returns a 429 Too Many Requests, the widget honors the `Retry-After` header with a 30-second minimum backoff, then resumes normally.