In Solid, you can assign permission to any resource (e.g. a file). You don’t have to assign that to the whole Pod.
Depending on the mechanism this (De-)Spotify App uses, there are two main approaches you may use to specify its specific permission on the specific resources rather than your whole Pod:
- If the (De-)Spotify App uses its own WebID to authenticate itself, you can easily assign permission on resources related to that WebID, much the same as you would specify it for a human agent / user (e.g. through the share/permission pane in SolidOS, or manually modifying the ACL).
- If the (De-)Spotify App doesn’t have its own WebID, as described by hochstenbach, it will use your own WebID to authenticate (after you log in, of course). There is also the “by Origin” mechanism if you look at the sharing/permission pane in SolidOS, which you may specify on each resource. (But I have never fully understood it… See my GitHub issue and/or my other post.)
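
An added example, not part of the original post: a Web Access Control document for a single resource, showing both approaches from the list above side by side. Every IRI in it (`alice.pod.example`, `despotify.example`, `playlist.ttl`) is a constructed placeholder, and how strictly a given Solid server enforces `acl:origin` is an assumption to check against that server.

```turtle
# Constructed example: playlist.ttl.acl, the ACL for ONE resource only.
# Nothing here grants access to the rest of the Pod.
@prefix acl: <http://www.w3.org/ns/auth/acl#>.

# The owner keeps full control of this resource, including its ACL.
<#owner>
    a acl:Authorization;
    acl:agent <https://alice.pod.example/profile/card#me>;
    acl:accessTo <./playlist.ttl>;
    acl:mode acl:Read, acl:Write, acl:Control.

# Approach 1: the app authenticates with its own WebID, so it is listed
# as an agent exactly like a human user. Read-only, this resource only.
<#app-by-webid>
    a acl:Authorization;
    acl:agent <https://despotify.example/profile#app>;
    acl:accessTo <./playlist.ttl>;
    acl:mode acl:Read.

# Approach 2: the app has no WebID and runs under the owner's login.
# The grant is tied to the owner's WebID plus the web origin the app is
# served from, so only requests from that origin get Read here.
# No acl:Write or acl:Control: the app cannot widen its own access.
<#app-by-origin>
    a acl:Authorization;
    acl:agent <https://alice.pod.example/profile/card#me>;
    acl:origin <https://despotify.example>;
    acl:accessTo <./playlist.ttl>;
    acl:mode acl:Read.
```

In practice only one of the two app rules is needed, depending on how the app authenticates. Using `acl:accessTo` on the file, rather than `acl:default` on a container, keeps the grant from being inherited by other resources.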