ampache / ampache

A web based audio/video streaming application and file manager allowing you to access your music & videos from anywhere, using almost any internet enabled device.
http://ampache.org
GNU Affero General Public License v3.0

Registration via API #3356

Closed izyspania closed 1 year ago

izyspania commented 2 years ago

Is there any way users can register via the API? The use case is that I have an Android app and I want to let people register from it (and I don't want to include an admin user in the app to use the API, for security reasons). Also, it would be nice to have an option to disable user access on the website and only give them access with the API (from my Android app). Edit: + a forgot password API

Thanks

lachlan-00 commented 2 years ago

That's kind of a cool idea. Putting a flag on users that blocks website access might be a good addition.

There isn't a method for registration but I think that's not a big jump to add. I would probably have an admin 'key' that is hashed in the request so when your app generates a request it's not something people can just spam servers with.
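A sketch of the keyed-hash request check suggested in the comment above, as an added example that is not part of the thread and not Ampache's registration API. The key value, field names, nonce and five-minute window are all assumptions.

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # assumed policy: seconds a signed request stays acceptable


def sign_registration(key: bytes, username: str, email: str, ts: int, nonce: str) -> str:
    """Client side: HMAC-SHA256 over every field the server will act on."""
    msg = b""
    for field in (str(ts), nonce, username, email):
        raw = field.encode()
        # Length-prefix each field so ("ab", "c") and ("a", "bc") sign differently.
        msg += str(len(raw)).encode() + b":" + raw
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class RegistrationGate:
    """Server side: reject stale, forged or replayed registration requests."""

    def __init__(self, key: bytes, now=time.time):
        self.key = key
        self.now = now  # injectable clock (hypothetical parameter, eases testing)
        self.seen = {}  # nonce -> last second at which it is still replayable

    def check(self, username: str, email: str, ts: int, nonce: str, sig: str) -> str:
        now = int(self.now())
        # Forget nonces whose requests would be rejected as stale anyway.
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        expected = sign_registration(self.key, username, email, ts, nonce)
        # Constant-time comparison; bytes so non-ASCII input cannot raise.
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return "bad-signature"
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = ts + MAX_SKEW
        return "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed value, not a real secret
    gate = RegistrationGate(key)
    ts = int(time.time())
    sig = sign_registration(key, "alice", "alice@example.org", ts, "nonce-1")
    print(gate.check("alice", "alice@example.org", ts, "nonce-1", sig))
    print(gate.check("alice", "alice@example.org", ts, "nonce-1", sig))
```

A key compiled into a mobile app can be recovered from the app package, so a check like this limits casual spam rather than proving which client sent the request; server-side rate limiting and email verification still carry the rest.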

lachlan-00 commented 2 years ago

It is a goal that eventually everything you can do on the website is something you can do as an API user.

troycarpenter commented 2 years ago

The only way I know right now is to use LDAP as your backend authentication. The LDAP system will create the user with some default access IF the user exists in the backend LDAP server and works via the API or the web interface. Turning off web access is interesting as well.

This really is only useful in situations where you are providing the Ampache service (and others) where it makes sense to have an LDAP backend. For me, I've tied Ampache to my email service which uses LDAP for its user database. That means my users who have never signed into Ampache can use a remote app like Dsub (uses Subsonic API) to sign in, and it will auto create the user (if the settings in ampache.cfg.php) and give them access to content.

izyspania commented 2 years ago

I will explore the LDAP method; I never used the LDAP method before. I am using the Subsonic API in my app too, but I can switch to the Ampache API if needed. I don't want to use the Ampache web interface as my app is audiobook oriented and Ampache is not, so I just want to use it as a server. I can build my own version of the website if I want a web version using the API, instead of messing with the Ampache code to make it suit my needs.

So what would be nice to have is:

  1. Stop access for non-admin users on the Ampache website.
  2. API for creating a user without admin access (I will try and see how LDAP works).
  3. API for "forgot password" (so I can use it directly from the app in case some user forgets their password; can you do this with LDAP too?)
  4. Would be nice if Ampache had some sort of API access management or some option so I can let only specific apps access the API (something like a token that I can pass from the app to verify that it's one of the allowed apps) - I'm working on some kind of my own implementation of this. (EDIT: maybe something like the getLicense API in the original Subsonic)
  5. Some kind of session manager so I can restrict how many apps can be connected at the same time by the same user (I am checking out the handshake / goodbye from API5.5 to see if I can make a workaround).
  6. Would be nice if we had an Album description field (like we have biography for Artists); I would like to add some description to my books. (I know it's not Subsonic default, but it doesn't affect it if it were to be added and it's a nice thing to have / the Subsonic podcast API has a description.)

troycarpenter commented 2 years ago

The LDAP solution is not for the faint of heart. In fact, I would only recommend using it IF you already have an LDAP server that you use to authenticate users. That method, since it's a plugin for Ampache authentication, should work for all APIs available (Ampache, Subsonic or otherwise).

I'm not sure about those other features, but usually for LDAP, most applications do NOT do a "forgotten password" method simply because there is often another server where that is done. For instance, since my LDAP server is installed with my email system, my email clients have a way to reset a forgotten password. Since the password is the same for all my LDAP backed applications, if the user has forgotten their Ampache password, then that user is not likely able to log in and get email either and will use that to reset the password.

lachlan-00 commented 1 year ago

I've added a method to allow API registration now with eeda7bcce. Will need to do some testing with it, but it should allow user registration, email verification, etc. the same as the website register pages.

izyspania commented 1 year ago

That's great, I will test it out.

Edit: Any chance you can add it to the Subsonic API too?

lachlan-00 commented 1 year ago

Is there a method in Subsonic that allows reg?

izyspania commented 1 year ago

In the Subsonic API specs there is a method for admins to add a user but not registrations. Anyway, it would be a nice touch to have that even if it's out of spec; my app was built with the Subsonic API and it would be faster and easier to implement registration in the app with the Subsonic API (maybe there are others in the same situation).

lachlan-00 commented 1 year ago

If the group extending Subsonic in Symfonium want to add one too, I'll implement it: https://support.symfonium.app/t/expanding-subsonic-api/1115