Support basic authentication

[tetricky]

I have some self provided streams, which are behind a reverse proxy, with authentication required.

I would like to be able to supply basic authentication in the form:

http://user:password@domain.com/

I've tried this, and it doesn't appear to be supported currently.

[oxyroid]

Please tell me more about this, I didn't understand well

[tetricky]

In order to provide some sort of authentication to publicly accessible streams, but to retain cross platform support of .ogg streams, there is a narrow range of options.

.ogg is not natively, or easily, supported on ios, but basic authentication through passing credentials in the URL are supported by VLC, which in turn supports .ogg on a cross platform basis.

Such streams can therefore be accessed cross platform without re-encoding or multiple endpoints. They are also available in the browser on android and Linux using url credentials.

It would be handy to be able to manage and access them in m3u (I have my radio favorites in a playlist, which I use as an internet radio). Currently those with URL credentials don't play.

The stack for these streams is an icecast2 server, behind caddy2 reverse proxy, with authentication through authelia backed with an lldap backend. If the http(s) request through URL has a valid user and password encoded in the URL, and that lldap user is granted access to the group that has permission to access that stream, then it is served (via browser or VLC depending on originator). If it doesn't, it is denied. I'm not aware of any other authentication scheme that can successfully serve ogg streams to ios.

[oxyroid]

Please try 1.14.0-alpha13

[tetricky]

1.14.0-alpha13 has just come through on Fdroid for me.

Looking at streams with basic auth in the url I'm getting:

IDLE [2004] ERROR_CODE_IO_BAD_HTTP_STATUS

[oxyroid]

1.14.0-alpha13 has just come through on Fdroid for me.

Looking at streams with basic auth in the url I'm getting:

IDLE

[2004] ERROR_CODE_IO_BAD_HTTP_STATUS

Have you try to play the channel in any other player? Could you share the link for me?

In addition, Please test it in latest package which is published in Github release page.

[tetricky]

Unfortunately I don't have a build environment. I have to wait until releases are available through fdroid (alpha 13 arrived this morning).

This is a username and password coded into a stream url for you to test. I've checked it in a browser, in vlc, and using mpd. It should play an ogg audio stream of a radio station.

https://realoxy:password@partridge.trentend.uk/apiatt.ogg

I would like to remove this access as soon as possible, when you have finished with it.

[oxyroid]

@tetricky Thanks. I have successfully played the audio correctly on my local computer, you can turn it off. Also, I would like to know if this should be the default identity verification way. Is there any way for me to determine which verification way a channel needs to use?

[tetricky]

Not that I'm aware of. Authentication and SSO is a pretty nebulous thing. Largely there are a range of schemes...but basic authentication encoded into the url, as in this case, is the only simple method that requires no user intervention or reading of cookies or jwt tokens.

It's not perfect, but this is the only practical way that I am aware of to deliver a standalone url that passes user credentials to the hosting server, that works across platform and in multiple apps (for example I am unaware of any way of authenticating a user in any other way in VLC).

I doubt that it's worth the resource getting involved in any of those, and this basic authentication is likely an edge case at best. The request was really of self-interest (I use it), but also because I thought that it might be achievable.

[oxyroid]

Please try the latest snapshot package. Is it worked for you?

[tetricky]

Without access to a build (the f-droid repositories are only at alpha 15, and I do not have an environment that I can build and test releases).

As of alpha 15 still getting [2004] ERROR_CODE_IO_BAD_HTTP_STATUS

[tetricky]

I've just had the opportunity to try on v1.14.0-beta04 (update yesterday).

Now it just says "BUFFERING" and then "IDLE", without the error message - but the stream doesn't play.