implement OAuth and refactor config #1321
Open
+3,545
−3,061
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-Authored-By: dotandl <[email protected]>
This greatly refactors and simplifies the config parsing. Also, it removes the possiblity to specify user and password, since this has been phased out by Spotify and will be replaced by OAuth.
eladyn
force-pushed
the
oauth_support
branch
from
3855db0 to
836fbfa
Compare
6 tasks
I understand this as the username, password and password_cmd in the configuration file will now be ignored, and login requires some manual steps in a web browser. Correct? |
Yes, that's correct. Alternatively we could maybe keep them around for now and warn the user, when they are encountered... |
This was referenced Dec 30, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This builds on top of #1317 and implements the missing OAuth support, which replaces the no longer available username + password method. Since this required some refactoring of the configuration anyway, I replaced
structoptwith the (actively developed)clap, which is the successor ofstructopt.By removing the username + password method, we basically get rid of all the sensitive value handling, e.g. the keyring. (Well, one could still store the cached credentials in the keyring, but that hasn't happened before either, so this could be a future extension.)
The OAuth support is a bit clunky at the moment and surely could use some refinement in the future, but since this has been missing for quite some time now, it's probably better to put it out there and iterate on that later.
If I'm not mistaken, all configuration changes should be backwards compatible so far (or at least not error on previously working configs, of course username or password values are no longer used).
The current design of the authentication is as follows:
spotifyd auth(enticate)subcommand, one initiates the OAuth process and is directed to accounts.spotify.com. After logging in there, we receive the token and exchange it for a longer-lived credential blob. This blob is stored at$cache_directory/oauth/credentials.jsonspotifydfinds an authentication blob fromoauthon startup, it uses that for the first session.--disable-discoveryordisable_discovery = true(even if an oauth blob is present), discovery is started and selecting a device there ends the current session and starts a new one.$cache_directory/credentials.jsonand will be used on startup, when nooauthblob can be found.Closes #800, closes #778 (due to configuration refactor).
Fixes #1293 (oauth support).
Fixes #1212 (new credential caching logic, no usernames necessary anymore).
Any testing is highly appreciated! Also, none of the changes have been documented so far so that still has to be done before a release.