<?php
session_start();

require '../vendor/autoload.php';
require '../config.php';

$session = new SpotifyWebAPI\Session(
    $CLIENT_ID,
    $CLIENT_SECRET,
    $REDIRECT_URI
);

$storedState = $_SESSION['state'];
$state = $_GET['state'];

if ($state !== $storedState) {
    header('Location: auth.php');
}

$session->requestAccessToken($_GET['code']);

$_SESSION['accessToken'] = $session->getAccessToken();
$_SESSION['refreshToken'] = $session->getRefreshToken();

header('Location: index.php');
die();