Due to the design of OAUTH2, which is used by the spotify api, each user access token will expire after 1 hour - meaning the user will need to login again unless you implement the Authorization Code Flow.
This will require you to enter:
SPOTIFY_CLIENT_ID- Your spotify app id, found the spotify developer dashboard
SPOTIFY_CLIENT_SECRET- Your spotify client secret, found the spotify developer dashboard
SPOTIFY_CLIENT_CALLBACK- Your spotify app redirect URL, found the spotify developer dashboard
ENCRYPTION_SECRET- Any arbitrary string to use to encrypt/decrypt refresh tokens
which can all be found in the spotify developer dashboard.
This will set up a server that will run for free! The only issue being that if the server has been inactive for over 30 minutes it will go to sleep, the only way I have found to get around this is to set up a service to ping your server every 5 minutes or so.