The Cowork-managed Spotify connector is intentionally read/discover/create-only — it can search the catalog, create playlists, and report what’s playing, but it cannot read existing playlist contents, remove tracks, or reorder. That’s a Spotify partner-integration policy, not a Claude limitation.

The four community Spotify MCPs on GitHub (josuemj, Carrieukie, marcelmarais, PeterAkande) all wrap the Web API directly with a self-managed OAuth app, which is where the destructive playlist ops live. Rather than depend on a third-party fork, this MCP follows the same pattern Ed uses for every other custom MCP (farm-data, netbird, memory, inaturalist) — local Python + FastMCP under ~/.mcp-servers/, secrets in the Claude Desktop config env block.

All write tools are explicit — no “delete by criteria” footguns. replace_playlist_tracks is the canonical “rewrite this playlist with my curated list” operation: atomic 100-track PUT followed by 100-track POSTs for anything beyond. remove_tracks_from_playlist optionally takes a snapshot_id for concurrent-edit detection. Auto-pagination is built into add/remove/replace and the library writes (Spotify caps at 100 or 50 per call depending on endpoint).

1. Create a Spotify Developer app at developer.spotify.com/dashboard:

   • App name: any (e.g. Ed's MCP)
   • App description: any
   • Redirect URI: http://127.0.0.1:8888/callback — must match exactly, including the trailing /callback
   • APIs used: Web API (the only one needed)
   • Accept the developer terms

2. Copy the Client ID from the app’s settings page. (Client Secret is not used — PKCE doesn’t need it.)

3. Patch claude_desktop_config.json — the spotify-mcp block has a placeholder; replace REPLACE_WITH_CLIENT_ID_FROM_DEVELOPER_DASHBOARD with the real Client ID. The config lives at ~/Sync/ED/config/claude_desktop_config.json and Syncthing replicates it to both Macs.

4. Run the login helper once to mint a refresh token:

   cd ~/.mcp-servers/spotify-mcp
   SPOTIFY_CLIENT_ID=<your-client-id> .venv/bin/python3 login.py
   

   It opens your default browser to Spotify’s consent screen, captures the redirect on 127.0.0.1:8888, exchanges the code for tokens, and writes them to .token-cache.json (chmod 600).

5. Restart Claude Desktop fully (Cmd-Q, then relaunch) so the new MCP loads.

The login helper has to run on each machine that runs Claude Desktop (Studio + MacBook). The token cache file is per-machine — simpler than syncing OAuth state across hosts. Pre-shared Syncthing exclusion: .token-cache.json is in .stignore via the per-folder .gitignore-style pattern.

The login helper requests all 14 scopes the MCP needs so future tool additions don’t require re-authentication:

"spotify-mcp": {
  "command": "/Users/bee/.mcp-servers/spotify-mcp/.venv/bin/python3",
  "args": ["/Users/bee/.mcp-servers/spotify-mcp/server.py"],
  "env": {
    "SPOTIFY_CLIENT_ID": "<your-client-id>",
    "SPOTIFY_REDIRECT_URI": "http://127.0.0.1:8888/callback"
  }
}

SPOTIFY_TOKEN_CACHE defaults to ~/.mcp-servers/spotify-mcp/.token-cache.json — override only if you want the cache somewhere else.

The original use case. Open a chat and say something like “Help me clean up my ‘Drive Music’ playlist — dedupe and cap to 90 minutes.” Claude can now:

1. list_my_playlists → find the playlist id
2. get_playlist_tracks(id, limit=100) (page until exhausted) → assemble the full track list with duration_ms + popularity + added_at
3. Reason over the list in chat: identify duplicates, sort by your rule, trim to target length
4. Confirm the cut list with you
5. replace_playlist_tracks(id, curated_uris) — atomic rewrite

Or for a sibling-playlist workflow (keep the original as backup):

1. create_playlist("Drive Music — cleaned") → new id
2. add_tracks_to_playlist(new_id, curated_uris) → done

The MCP writes to ~/Library/Logs/Claude/mcp-server-spotify-mcp.log like every other server. check-mcp-health.py (runs 6×/day via com.bee.mcp-health-check) will pick up failures automatically.

Two known failure modes that don’t auto-recover:

• Refresh token revoked. If you click “remove app” at spotify.com/account/apps the refresh token dies and every call returns HTTP 400 invalid_grant. Fix: re-run login.py.
• Premium-only endpoints on a Free account. set_volume, pause/resume, queue ops require Premium. Tools return HTTP 403 Premium required. Not a bug.

On 2026-02-06 Spotify announced a reduced Web API surface for Development Mode apps; the changes hit existing integrations on 2026-03-09. Several legacy endpoints were silently removed — they now return a bare HTTP 403 Forbidden with no body detail, which is genuinely misleading because it looks identical to a scope error. The MCP was hit by this on 2026-05-26 when every write tool started 403’ing despite a fully scoped + allowlisted token.

What changed:

The response shape also changed: a playlist’s tracks.items.track is now items.items.item, and popularity / available_markets / linked_from are gone from track responses. User profile drops country, email, explicit_content, followers, product.

The server.py rewrite swapped every endpoint, renamed the response field handling, and dropped get_audio_features. Three new tools were added by piggy-backing on the new unified /me/library endpoint that accepts any URI type:

• save_to_library(uris) — saves tracks and albums, episodes, shows, audiobooks, plus follows artists/playlists, in one mixed-URI call
• remove_from_library(uris) — mirror of the save
• check_library_contains(uris) — unified “is this saved/followed?” check

The login.py scope list grew from 12 to 14, adding user-follow-read and user-follow-modify for artist/playlist follow operations via the new generic library endpoints. Existing tokens must be re-minted (re-run login.py) to pick up the new scopes; the migration itself is otherwise transparent.

Backups of the pre-migration code: ~/.mcp-servers/spotify-mcp/server.py.bak-feb2026-* and login.py.bak-feb2026-*.

References:

• Spotify blog: developer access update
• Feb 2026 changelog
• Migration guide

• MCP Servers — full active list
• Tana — when paired, Spotify history could feed a “music heard this week” view
• Life Archive — same opportunity for embedding listening history
• Bee Hub MCP servers active list — Studio-side view of the same registry