Authentication

[tooxie]

Hi everyone,

I'm opening this issue to inform you that token-based authentication will be merged soon into shiva's master branch, which means that by default (can be configured) there has to be a login step and all subsequent requests will have to include an authentication token.

If you do integrate this feature, I'd appreciate if you can give me feedback about the process, what could be simplified and/or improved. The documentation about users will include more information (once the PR gets merged) but I think that it still can (and should) be greatly improved.

Cheers!

[MorrisJobke]

Thanks for noticing. I will have a look. But I'm currently quite busy with other stuff :(

[tooxie]

It's alright, I just wanted to let you know that future versions of Shiva may break compatibility.

[ghost]

Hi @tooxie,

It looks like there is some information missing from your ticket that will be needed in order to diagnose and fix the problem at hand. Please take a look at the Contribution Guidelines, which will tell you exactly what your ticket has to contain in order to be processable.

I'm marking this one now as needing some more information. Please understand that if you do not provide that information within the next two weeks (until 2014-10-08 14:04) I'll close this ticket so it doesn't clutter the bug tracker.

Best regards, ~ Your friendly GitIssueBot

PS: I'm just an automated script, not a human being.

[MorrisJobke]

@tooxie Don't mind this. It's our housekeeper ;)

[tooxie]

Hehe no worries @MorrisJobke, I figured.

[poVoq]

I guess this got never merged?

I am running into trouble with the Subsonic API. My client (uSonic https://open-store.io/app/usonic.arubislander ) is complaining "Token-based authentication not supported".

[paulijar]

@poVoq This old issue is about Shiva API, and it pre-dates the Subsonic API support by 5 years ;).

But for the Subsonic API, we do not support the token-based authentication. This is because due to the brain-dead design of the Subsonic API, this newer authentication method is less secure than the original password-based system (this is explained with some more details in #718). So unless your Subsonic client offers an option to turn off the "token and salt authentication", it cannot be supported. Note that the option may also be something like "enable LDAP", because even the real Subsonic server cannot use token and salt authentication when it is using LDAP for user account management.

[poVoq]

Ok, thanks for the quick response. I made a feature request on the client side of thing then: https://gitlab.com/arubislander/uSonic/-/issues/14