API Key Authentication

content/en/docs/Endpoints/getLyricsBySongId.md

@@ -35,7 +35,7 @@ Clients should treat `xxx` as not having a specified language (equivalent to the
 
 ### Example
 
-{{< alert color="primary" >}} `http://your-server/rest/getLyricsBySongId.view?&id=123&u=demo&p=demo&v=1.13.0&c=AwesomeClientName&f=json` {{< /alert >}}
+{{< alert color="primary" >}} `http://your-server/rest/getLyricsBySongId.view?id=123&u=demo&p=demo&v=1.13.0&c=AwesomeClientName&f=json` {{< /alert >}}
 
 ### Result
 
@@ -110,6 +110,7 @@ A [`subsonic-response`](../../responses/subsonic-response) element with a nested
       <line>Grating me</line>
       <line>And twisting me around...</line>
     </structuredLyrics>
+  </lyricsList>
 </subsonic-response>
 {{< /tab >}}
 {{< tab header="Subsonic"  >}}

content/en/docs/Endpoints/getopensubsonicextensions.md

@@ -17,6 +17,8 @@ List the OpenSubsonic extensions supported by this server.
 
 Takes no extra parameters.
 
+**Note**: Unlike all other APIs `getOpenSubsonicExtensions` **must** be publicly accessible.
+
 ### Example
 
 {{< alert color="primary" >}} `http://your-server/rest/getOpenSubsonicExtensions.view?u=demo&p=demo&v=1.13.0&c=AwesomeClientName&f=json` {{< /alert >}}

content/en/docs/Endpoints/tokeninfo.md

@@ -0,0 +1,62 @@
+---
+title: "tokenInfo"
+linkTitle: "tokenInfo [OS]"
+opensubsonic:
+  - Addition
+  - Extension
+categories:
+  - System
+description: >
+  Returns information about an API key
+---
+
+**OpenSubsonic version**: [1](../../opensubsonic-versions)
+
+**OpenSubsonic extension name** `apiKeyAuthentication` (As returned by [`getOpenSubsonicExtensions`](../../endpoints/getopensubsonicextensions))
+
+Returns data about an API key.
+
+`http://your-server/rest/tokenInfo`
+
+### Parameters
+
+None
+
+### Example
+
+{{< alert color="primary" >}} `http://your-server/rest/tokenInfo.view?apiKey=1234&v=1.13.0&c=AwesomeClientName&f=json` {{< /alert >}}
+
+
+### Result
+
+A [`subsonic-response`](../../responses/subsonic-response) element with a nested [`tokenInfo`](../../responses/tokenInfo/) on success, or error 44 on invalid token.
+
+{{< tabpane persistLang=false >}}
+{{< tab header="**Example**:" disabled=true />}}
+{{< tab header="OpenSubsonic JSON" lang="json">}}
+{
+"subsonic-response": {
+  "status": "ok",
+  "version": "1.16.1",
+  "type": "AwesomeServerName",
+  "serverVersion": "0.1.3 (tag)",
+  "openSubsonic": true,
+    "tokenInfo": {
+      "username": "token username"
+    }
+  }
+}
+{{< /tab >}}
+{{< tab header="OpenSubsonic XML" lang="xml">}}
+<subsonic-response status="ok" version="1.16.1" type="AwesomeServerName" serverVersion="0.1.3 (tag)" openSubsonic="true">
+  <tokenInfo username="token username"></tokenInfo>
+</subsonic-response>
+{{< /tab >}}
+{{< tab header="Subsonic"  >}}
+Does not exist.
+{{< /tab >}}
+{{< /tabpane >}}
+
+| Field       | Type                                     | Req.    | OpenS.  | Details                   |
+| ----------- | ---------------------------------------- | ------- | ------- | ------------------------- |
+| `tokenInfo` | [`tokenInfo`](../../responses/tokeninfo) | **Yes** | **Yes** | Information about the token |

content/en/docs/Extensions/apiKeyAuth.md

@@ -0,0 +1,47 @@
+---
+title: "API Key Authentication"
+linkTitle: "API Key Authentication"
+OpenSubsonic:
+  - Extension
+description: >
+  Add support for synchronized lyrics, multiple languages, and retrieval by song ID
+---
+
+**OpenSubsonic version**: [1](../../opensubsonic-versions)
+
+**OpenSubsonic extension name** `apiKeyAuthentication` (As returned by [`getOpenSubsonicExtensions`](../../endpoints/getopensubsonicextensions))
+
+## Version 1
+
+This extension requires changes to the semantics of authentication.
+Broadly, there are two general changes:
+
+1. **Required**: A new authentication mechanism: `apiKey` for query.
+2. Recommended: Deprecation of token/salt-based authentication.
+
+### API keys
+
+An API key is any authentication token generated by an OpenSubsonic server that can be used to authenticate.
+How this API key is generated by the server is implementation-specific: the server may provide a page where the user can configure one or more API keys, the server may automatically generate a API key, or any other variety of means.
+The format of the API key is not specified, but it **must** be of reasonable length to fit into a query parameter (less than 2048 characters URL-encoded).
+
+Servers which implement this extension **must** provide some mechanism for viewing active API key(s) and allow for revoking API keys.
+Note that these API keys **do not** expire; as long as they are not revoked by the user, they are assumed to be valid.
+
+#### Using a API key
+
+An API key is used as a query parameter `apiKey=<api key>`.
+When an API key is provided, the client **must not** provide a `u` parameter; passing in `u` **must** be treated as an error `43`.
+
+It is **recommended** that servers which provide API-key authentication deprecate salt/token-based authentication.
+
+If multiple conflicting authentication parameters are passed in, the server **must** return an error `43`, `Multiple conflicting authentication mechanisms provided`
+
+If a server deprecates salt-based authentication, it **must** return an error `41` (`Token authentication not supported for LDAP users.`).
+Similarly, if a server deprecates password-based authentication, it **must** return an error `42` (`Password authentication not supported. Use API keys`).
+
+In both cases, it is recommended that the server provide a meaningful url (configuration url, documentation, etc) in the `helpUrl` to help clients instruct their users how to obtain an API key.
+
+## New error codes
+
+This extension introduces three new errors `42`, `43` and `44`, and adds a new field `helpUrl`. See [error](../../responses/error)

content/en/docs/Responses/error.md

@@ -1,6 +1,8 @@
 ---
 title: "error"
-linkTitle: "error"
+linkTitle: "error [OS]"
+opensubsonic:
+  - Change
 description: >
   Error.
 ---
@@ -9,8 +11,9 @@ description: >
 {{< tab header="**Example**:" disabled=true />}}
 {{< tab header="OpenSubsonic" lang="json">}}
 {
-  "code": 40,
-  "message": "Wrong username or password"
+  "code": 42,
+  "message": "Authentication mechanism not supported. Use API keys",
+  "helpUrl": "https://example.org/users/apiKey"
 }
 {{< /tab >}}
 {{< tab header="Subsonic" lang="json" >}}
@@ -21,21 +24,25 @@ description: >
 {{< /tab >}}
 {{< /tabpane >}}
 
-| Field |  Type | Req. | OpenS. | Details |
-| --- | --- | --- | --- | --- |
-| `code` | `int` | **Yes** |     | The error code |
-| `message` | `string` | No |     | The optional error message |
+| Field     | Type     | Req.    | OpenS. | Details                                                                                       |
+| --------- | -------- | ------- | ------ | --------------------------------------------------------------------------------------------- |
+| `code`    | `int`    | **Yes** |        | The error code                                                                                |
+| `message` | `string` | No      |        | The optional error message                                                                    |
+| `helpUrl` | `string` | No      | Yes    | A URL (documentation, configuration, etc) which may provide additional context for the error) |
 
 The following error codes are defined:
 
-| Code | Description |
-| --- | --- |
-| 0   | A generic error. |
-| 10  | Required parameter is missing. |
-| 20  | Incompatible Subsonic REST protocol version. Client must upgrade. |
-| 30  | Incompatible Subsonic REST protocol version. Server must upgrade. |
-| 40  | Wrong username or password. |
-| 41  | Token authentication not supported for LDAP users. |
-| 50  | User is not authorized for the given operation. |
-| 60  | The trial period for the Subsonic server is over. Please upgrade to Subsonic Premium. Visit subsonic.org for details. |
-| 70  | The requested data was not found. |
+| Code | Description                                                                                                           |
+| ---- | --------------------------------------------------------------------------------------------------------------------- |
+| 0    | A generic error.                                                                                                      |
+| 10   | Required parameter is missing.                                                                                        |
+| 20   | Incompatible Subsonic REST protocol version. Client must upgrade.                                                     |
+| 30   | Incompatible Subsonic REST protocol version. Server must upgrade.                                                     |
+| 40   | Wrong username or password.                                                                                           |
+| 41   | Token authentication not supported for LDAP users.                                                                    |
+| 42   | Password authentication not supported. Use API keys                                                                   |
+| 43   | Multiple conflicting authentication mechanisms provided                                                               |
+| 44   | Invalid API key or username                                                                                           |
+| 50   | User is not authorized for the given operation.                                                                       |
+| 60   | The trial period for the Subsonic server is over. Please upgrade to Subsonic Premium. Visit subsonic.org for details. |
+| 70   | The requested data was not found.                                                                                     |

content/en/docs/Responses/tokeninfo.md

@@ -0,0 +1,29 @@
+---
+title: "tokenInfo"
+linkTitle: "tokenInfo [OS]"
+opensubsonic:
+  - Addition
+description: >
+  Information about an API key
+---
+
+{{< tabpane persistLang=false >}}
+{{< tab header="**Example**:" disabled=true />}}
+{{< tab header="OpenSubsonic JSON" lang="json">}}
+{
+  "tokenInfo": {
+    "username": "token username"
+  }
+}
+{{< /tab >}}
+{{< tab header="OpenSubsonic XML" lang="xml">}}
+<tokenInfo username="token username"></tokenInfo>
+{{< /tab >}}
+{{< tab header="Subsonic"  >}}
+Does not exist.
+{{< /tab >}}
+{{< /tabpane >}}
+
+| Field      | Type   | Req.    | OpenS.  | Details                        |
+| ---------- | ------ | ------- | ------- | ------------------------------ |
+| `username` | string | **Yes** | **Yes** | Username associated with token |