[Feature Request] Auth with Plex

[flying-sausages]

Is your feature request related to a problem? Please describe. It would be nice to be able to auth with Plex in order to not let anyone see what films you've got in your libraries. You could also use this to pre-fill names for the users and get some nice pictures if they have them set up

Describe the solution you'd like Use Plex SSO and check if the machine ID matches the server

Describe alternatives you've considered using a reverse proxy with some other SSO/Auth mechanism

Additional context N/A

[LukeChannings]

Notes for future me:

• The sign-in endpoint is plex.tv/api/v2/users/signin
• It takes a { login: string, password: string, rememberMe: boolean, verificationCode?: string }
• It returns code 1029 if a verification code is required ({"errors":[{"code":1029,"message":"Please enter the verification code"}]}), or 1001 if the username / password are incorrect.
• When successful, it sets a plex_tv_auth cookie and the following shape:

  interface PlexSigninResponse {
      id:                      number;
      uuid:                    string;
      username:                string;
      title:                   string;
      email:                   string;
      locale:                  null;
      emailOnlyAuth:           boolean;
      hasPassword:             boolean;
      protected:               boolean;
      thumb:                   string;
      authToken:               string;
      mailingListStatus:       string;
      mailingListActive:       boolean;
      scrobbleTypes:           string;
      country:                 string;
      subscription:            PurpleSubscription;
      subscriptionDescription: string;
      restricted:              boolean;
      anonymous:               null;
      home:                    boolean;
      guest:                   boolean;
      homeSize:                number;
      homeAdmin:               boolean;
      maxHomeSize:             number;
      certificateVersion:      number;
      rememberExpiresAt:       number;
      profile:                 Profile;
      entitlements:            string[];
      roles:                   string[];
      subscriptions:           SubscriptionElement[];
      pastSubscriptions:       any[];
      trials:                  any[];
      services:                Service[];
      adsConsent:              boolean;
      adsConsentSetAt:         number;
      adsConsentReminderAt:    number;
      twoFactorEnabled:        boolean;
      backupCodesCreated:      boolean;
  }
  
  interface Profile {
      autoSelectAudio:              boolean;
      defaultAudioLanguage:         string;
      defaultSubtitleLanguage:      string;
      autoSelectSubtitle:           number;
      defaultSubtitleAccessibility: number;
      defaultSubtitleForced:        number;
  }
  
  interface Service {
      identifier: string;
      endpoint:   string;
      token?:     string;
      status:     Status;
      secret?:    string;
  }
  
  enum Status {
      Online = "online",
  }
  
  interface PurpleSubscription {
      active:         boolean;
      subscribedAt:   Date;
      status:         string;
      paymentService: string;
      plan:           string;
      features:       string[];
  }
  
  interface SubscriptionElement {
      id:       null;
      mode:     string;
      renewsAt: null;
      endsAt:   null;
      type:     string;
      transfer: null;
      state:    string;
  }
  

[flying-sausages]

I think it would be good to think of some use cases before just authing everything

• multiple users with plex accounts andn having access to the same plex server
• multiple users where one or more users do not have direct access to the plex server (e.g. watching in person wih users who do)
• ..?

I guess it would make sense to keep a way for account-less people to join an existing room. It makes no sense for users who don't have an account to be able to make rooms either (how are they gonna watch?).

[Teeko7]

I think it would be good to think of some use cases before just authing everything

• multiple users with plex accounts andn having access to the same plex server
• multiple users where one or more users do not have direct access to the plex server (e.g. watching in person wih users who do)
• ..?

I guess it would make sense to keep a way for account-less people to join an existing room. It makes no sense for users who don't have an account to be able to make rooms either (how are they gonna watch?).

• Preventing restricted accounts/users from seeing media they cannot play (e.g. my kids are "home users" underneath my account with restrictions based on ratings)

[Nelinski]

I'd love to have an auth system in place. It's the one thing stopping me from adding it to my reverse proxy to be "public". Two user cases I can think of:

• Hide your media library from random people accessing your reverse proxy
• Limit access to media to certain age groups. E.g. if the kids want to pick a film and can't decide, they can get film suggestions that are suitable to them.

[rouke-broersma]

It takes a { login: string, password: string, rememberMe: boolean, verificationCode?: string }

It would probably be better to use an application/oauth flow instead of having to put your username/password into moviematch to then pass on to plex.

[LukeChannings]

Here's how I've implemented the auth flow:

https://user-images.githubusercontent.com/461449/108640986-b2485a00-7494-11eb-8d6f-4e8fa96de9d5.mov

If you use 2FA Plex's login page will take care of it.

[Teeko7]

Does this handle home users? or only logging in using the plex account?

[LukeChannings]

Only logging in with a Plex account at the moment, although the dev branch is far from ready at the moment (still working on filters).

Finding out that the user is on the same network as the Plex server might need DNS-SD, which isn't something I can do in a web app.

You might need to log in with the server owner's Plex account to be able to use a home user, but I'll have to look into it more if I get time.