API Key Authentication #99
Open
kgarner7 wants to merge 8 commits into main from api-key-auth
+222
−52
Changes from 1 commit
8 commits
bbe1a3e initial proposal for api key authentication (kgarner7)
81965c7 v1 rework (kgarner7)
e95541a Merge branch 'main' into api-key-auth (kgarner7)
dcf5645 remove v2 uncommitted stuff (kgarner7)
d690523 Merge branch 'api-key-auth' of github.com:opensubsonic/open-subsonic-… (kgarner7)
c206a8f errors, remove auth header (kgarner7)
7bfe865 add tokenInfo endpoint, require u to be unset, minor cleanup for getL… (kgarner7)
4b94bc6 fix copypasta (kgarner7)
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -68,7 +68,7 @@ See [API Key authentication](../extensions/apikeyauth) | |
|
||
For servers that implement [API Key authentication](../extensions/apikeyauth), the recommended authentication is to use an API key. | ||
This is a token generated from the Subsonic server. | ||
It may either be passed in as `apiKey=<API key>`, or as a header `Authorization: Bearer <API key>`. | ||
It must be passed in in as `apiKey=<API key>`. | ||
double in in
||
Note that `u`/`p` may still be used by servers which are backed by LDAP/PAM/other authentication. | ||
|
||
{{< alert color="primary" >}} `http://your-server/rest/ping.view?u=joe&apiKey=43504ab81e2bfae1a7691fe3fc738fdf55ada2757e36f14bcf13d&v=1.16.1&c=AwesomeClientName&f=json` {{< /alert >}} | ||
|
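Review bot: The rewritten sentence "It must be passed in in as `apiKey=<API key>`" leaves the query string as the only transport for the key, and the `ping.view?u=joe&apiKey=...` example below it shows the key sitting in the URL, where it is recorded by access logs, reverse proxies and client history. Suggest adding a sentence that requests carrying `apiKey` should go over HTTPS and that servers should redact the parameter from their logs, fixing the doubled "in in", and stating explicitly whether `u` is required alongside `apiKey`, since the example sends both.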
@@ -161,6 +161,7 @@ The following error codes are defined: | |
| 41 | Token authentication not supported for LDAP users. | | ||
| 42 | Password authentication not supported. Use API keys | | ||
| 43 | Multiple conflicting authentication mechanisms provided | | ||
| 44 | Invalid API key or username | | ||
Same as above.
||
| 50 | User is not authorized for the given operation. | | ||
| 60 | The trial period for the Subsonic server is over. Please upgrade to Subsonic Premium. Visit subsonic.org for details. | | ||
| 70 | The requested data was not found. | | ||
|
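Review bot: The new row `| 44 | Invalid API key or username |` does not say when a client receives it: for an unknown key, for a valid key whose owner does not match `u`, or both. Suggest documenting that both cases return 44, so the response does not reveal which value was wrong, and describing how it relates to code 43 when `u`/`p` and `apiKey` are sent together. The message also lacks the trailing period used by the rows for 41, 50 and 70.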
I think the new apiKey version no longer passes a username, so it can't be a wrong username.
The reason why I left username is if it's not required (and clients just specify api key), then there's no easy way to get the username. I would potentially be amenable to adding a new endpoint to turn a token into a username.
Oh, you left username mandatory, I missed that. Well, then it makes sense, but won't it be a problem if we extend to v2 with an apiKey that can be limited to a media and don't want to leak the username in the URLs?
Sounds like a new endpoint to exchange token for username (and other things (?) for v2) then
Sounds good, could return the scope too ;)
I think it's better to reuse the apiKey for media than to add something else again that would not bring anything more.