Upgrade to OAuth

To upgrade your service's authentication to OAuth from DeviceLink, Session ID, or anonymous access, you create a new service version. Implement authentication as described in the rest of this tutorial and respond to getDeviceAuthToken requests for authentication updates. The upgrade will occur automatically for the listener when you follow these key implementation differences described here.

Create a new service version

Create a new version of your service by following all the implementation steps beginning with Add browser authentication. To submit your new service, select DEVELOP & SUBMIT and use the version manager. Be sure to choose OAuth for the Authentication on the Technical Configuration & Test Setup page. This changes the authType value in the service XML file and provides Sonos the trigger to upgrade authentication. Sonos checks the authType after a system upgrade when the player restarts.


Choose OAuth even if you only implement browser authentication to enable automatic updates.

Respond to Sonos player requests for updates

We've already describe how to implement getDeviceAuthToken responses, but an authentication upgrade requires that your service respond to a different form of the request. During authentication upgrade, the player upgrades each account record one at a time with repeated getDeviceAuthToken requests to your service. To indicate that this is an authentication upgrade, these requests do not contain a parameter, but they do include the current username and password credentials in the SOAP header. See the following sample getDeviceAuthToken request.


To make the authentication upgrade automatic, your server should return your valid authToken and privateKey in the getDeviceAuthToken responses. Note also, do not update the nickname value if a nickname is already there. The listener may have set a different nickname, which you should not overwrite.

If you want the listener to reauthorize the account from their Sonos app with their username and password instead of providing automatic updating, then leave the authToken and privateKey blank in your response to getDeviceAuthToken.