API Key Authentication #99

Open
wants to merge 8 commits into
base: main
2 changes: 1 addition & 1 deletion content/en/docs/Extensions/apiKeyAuth.md
Expand Up @@ -43,4 +43,4 @@ In both cases, it is recommended that the server provide a meaningful url (confi

## New error codes

This extension introduces two new errors `42` and `43`, and adds a new field `helpUrl`. See [error](../../responses/error)
This extension introduces three new errors `42`, `43` and `44`, and adds a new field `helpUrl`. See [error](../../responses/error)
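Review bot: The sentence now counts three errors but the extension page still does not say when a server returns `44` as opposed to `42` or `43`; add a line stating the condition (the supplied `apiKey` is not recognised, or does not belong to the supplied user) so clients can react correctly, and recommend that the message stay generic, as the table wording "Invalid API key or username" already does, rather than revealing which of the two inputs was wrong.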
1 change: 1 addition & 0 deletions content/en/docs/Responses/error.md
Expand Up @@ -42,6 +42,7 @@ The following error codes are defined:
| 41 | Token authentication not supported for LDAP users. |
| 42 | Password authentication not supported. Use API keys |
| 43 | Multiple conflicting authentication mechanisms provided |
| 44 | Invalid API key or username |
Member

I think the new apiKey version no longer passes a username, so it can't be a wrong user name.

Contributor Author

The reason why I left username is if it's not required (and clients just specify api key), then there's no easy way to get the username. I would potentially be amenable to adding a new endpoint to turn a token into a username

Member

Oh, you left username mandatory, I missed that. Well then it makes sense, but won't it be a problem if we extend to v2 with an apiKey that can be limited to a media and we don't want to leak the username in the URLs?

Contributor Author

Sounds like a new endpoint to exchange token for username (and other things (?) for v2) then

Member

Sounds good, could return the scope too ;)

I think it is better to reuse the apiKey for media than adding again something else that would not bring anything more.

| 50 | User is not authorized for the given operation. |
| 60 | The trial period for the Subsonic server is over. Please upgrade to Subsonic Premium. Visit subsonic.org for details. |
| 70 | The requested data was not found. |
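Review bot: The new row `| 44 | Invalid API key or username |` is the only row in this block without a closing full stop, while `| 41 |`, `| 50 |` and `| 70 |` end with one; make the punctuation consistent. Given the thread above about whether `u` will remain mandatory once keys can be limited to a media, consider naming the error from the key's side only (e.g. "Invalid API key.") so the text does not have to change again if the username is later dropped from the request, and add a note for implementers that the response should not indicate which of the two inputs failed.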
3 changes: 2 additions & 1 deletion content/en/docs/api-reference.md
Expand Up @@ -68,7 +68,7 @@ See [API Key authentication](../extensions/apikeyauth)

For servers that implement [API Key authentication](../extensions/apikeyauth), the recommended authentication is to use an API key.
This is a token generated from the Subsonic server.
It may either be passed in as `apiKey=<API key>`, or as a header `Authorization: Bearer <API key>`.
It must be passed in in as `apiKey=<API key>`.
Member

double in in

Note that `u`/`p` may still be used by servers which are backed by LDAP/PAM/other authentication.

{{< alert color="primary" >}} `http://your-server/rest/ping.view?u=joe&apiKey=43504ab81e2bfae1a7691fe3fc738fdf55ada2757e36f14bcf13d&v=1.16.1&c=AwesomeClientName&f=json` {{< /alert >}}
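Review bot: The replacement line reads "passed in in as", the duplicated word the comment above already flags. More substantively, removing `Authorization: Bearer <API key>` leaves the query string as the only way to send the key, and the `ping.view` example in this hunk shows it in the URL; query strings are routinely written to server access logs, proxy logs and browser history, whereas a header value is not. If the header form is being dropped on purpose, say so and why, and add a sentence recommending the key only be sent over HTTPS; otherwise keep the header as an option.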
Expand Down Expand Up @@ -161,6 +161,7 @@ The following error codes are defined:
| 41 | Token authentication not supported for LDAP users. |
| 42 | Password authentication not supported. Use API keys |
| 43 | Multiple conflicting authentication mechanisms provided |
| 44 | Invalid API key or username |
Member

Same as above.

| 50 | User is not authorized for the given operation. |
| 60 | The trial period for the Subsonic server is over. Please upgrade to Subsonic Premium. Visit subsonic.org for details. |
| 70 | The requested data was not found. |
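Review bot: This row duplicates the one added to content/en/docs/Responses/error.md in this commit, so the two tables must be kept in sync; whatever wording and punctuation is settled there (the "Same as above" comment points at the same issue) should be applied here in the same commit, and the PR description should state that the api-reference table mirrors the error page.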