search

akezeke / spotyxbmc2

spotyXBMC is a fork of XBMC with spotify support
Other
133 stars 29 forks source link

Clementine’s way of implementing Spotify ! Getting rid of the API key ? #23

Open bergalath opened 12 years ago

bergalath commented 12 years ago

Hi @akezeke,

I think you should check how the clementine-player’s team handle the Spotify API key :

http://code.google.com/p/clementine-player/source/browse/ext/clementine-spotifyblob/spotifykey.h

More details/discussions on this with @tompen- here ? : http://openelec.tv/forum/13-miscellaneous/7010-spotify?limit=20&start=80#26307

akezeke commented 12 years ago

Hi,

And check in http://code.google.com/p/clementine-player/source/browse/ext/clementine-spotifyblob/spotifyclient.cpp at row 42, there they are showing how to use their key so anyone interested can just take it and use it.

The problem here is that since libspotify needs the key in a specific format, it cant be encrypted or whatever and used without decrypted before being passed to libspotify.

avbk commented 12 years ago

Hey guys,

I think decoupling the API key from the source code is an important issue, because normal users should not be forced to get their own API key, edit source code an then compile it. I just thought of two ideas:

1) Encrypt the API Key, and put the encrypted key into the source. Provide the decryption method as an closed source external library. By this method you can provide the API key in a secure way. The only problem I can think of is that the xbmc license (GNU GPL afaik) would clash with such an closed source Library. But since this fork is already using a closed source lib by accesing libspotify, this solution would not cause any new problems.

2) Read the license from the Filesystem on demand. Using this solution you (or at least someone ;-) ) could provide binary packages. The user would 'only' need to apply for a dev account and an API key. Then he could put that key to a specific location, like ~/.xbmc/spotify-api.key

dtony commented 12 years ago

Providing an external way to get the key could be a good idea IMHO but the main issue is that libspotify licence does not allow to provide binaries linked to libspotify if I remember well.

escoand commented 11 years ago

If you tell me what's wrong with https://github.com/akezeke/spotyxbmc2/pull/55 I could fix it!