owncloud / music

:notes: Music app for ownCloud
GNU Affero General Public License v3.0
572 stars 198 forks source link

Authentication #295

Open tooxie opened 10 years ago

tooxie commented 10 years ago

Hi everyone,

I'm opening this issue to inform you that token-based authentication will be merged soon into shiva's master branch, which means that by default (can be configured) there has to be a login step and all subsequent requests will have to include an authentication token.

If you do integrate this feature, I'd appreciate if you can give me feedback about the process, what could be simplified and/or improved. The documentation about users will include more information (once the PR gets merged) but I think that it still can (and should) be greatly improved.

Cheers!

MorrisJobke commented 10 years ago

Thanks for noticing. I will have a look. But I'm currently quite busy with other stuff :(

tooxie commented 10 years ago

It's alright, I just wanted to let you know that future versions of Shiva may break compatibility.

ghost commented 10 years ago

Hi @tooxie,

It looks like there is some information missing from your ticket that will be needed in order to diagnose and fix the problem at hand. Please take a look at the Contribution Guidelines, which will tell you exactly what your ticket has to contain in order to be processable.

I'm marking this one now as needing some more information. Please understand that if you do not provide that information within the next two weeks (until 2014-10-08 14:04) I'll close this ticket so it doesn't clutter the bug tracker.

Best regards, ~ Your friendly GitIssueBot

PS: I'm just an automated script, not a human being.

MorrisJobke commented 10 years ago

@tooxie Don't mind this. It's our housekeeper ;)

tooxie commented 10 years ago

Hehe no worries @MorrisJobke, I figured.

poVoq commented 4 years ago

I guess this got never merged?

I am running into trouble with the Subsonic API. My client (uSonic https://open-store.io/app/usonic.arubislander ) is complaining "Token-based authentication not supported".

paulijar commented 4 years ago

@poVoq This old issue is about Shiva API, and it pre-dates the Subsonic API support by 5 years ;).

But for the Subsonic API, we do not support the token-based authentication. This is because due to the brain-dead design of the Subsonic API, this newer authentication method is less secure than the original password-based system (this is explained with some more details in #718). So unless your Subsonic client offers an option to turn off the "token and salt authentication", it cannot be supported. Note that the option may also be something like "enable LDAP", because even the real Subsonic server cannot use token and salt authentication when it is using LDAP for user account management.

poVoq commented 4 years ago

Ok, thanks for the quick response. I made a feature request on the client side of thing then: https://gitlab.com/arubislander/uSonic/-/issues/14