Organizr icon indicating copy to clipboard operation
Organizr copied to clipboard

Published 20 hours ago verified publisher icon causefx

Organizr jellyfin_credential cookie from Jellyfin SSO stops syncplay from working in Jellyfin

Open ianabney opened this issue 2 years ago • 10 comments

Organizr Version: V 2.1.2330
Branch: Master
WebServer: Nginx from linuxserver.io's SWAG-docker
Operating System: Organizr docker container running on PopOS 22.04
Problem Description:

Whenever I have Jellyfin SSO enabled in Organizr, syncplay doesn't work in Jellyfin. If I disable Jellyfin SSO, syncplay works as expected. If I have Jellyfin SSO enabled in Organizr and login, I get the jellyfin_credential cookie with the jellyfin access token in it. This cookie is somehow preventing Jellyfin's syncplay from working because if I delete this cookie and reload Organizr and go back to Jellyfin I'm prompted to login because the cookie for SSO isn't there, but once I log in syncplay works as expected.

Reproduction Steps:
  1. Log into Organizr with Jellyfin SSO enabled.
  2. Go to the Jellyfin Tab and it should be logged in already
  3. In Jellyfin tab hit create group in the syncplay button.
  4. Group is created in Jellyfin but you are not in the group and can not join the group (No popup that says "Syncplay enabled")
  5. Delete jellyfin_credential cookie
  6. Refresh Organizr
  7. Go to Jellyfin Tab and log in
  8. In Jellyfin tab hit create group in the syncplay button.
  9. Group is created and you are in it and popup says "Syncplay enabled."

ianabney avatar Jul 28 '22 21:07 ianabney

This is a wild guess but it could possibly be caused because the cookie jellyfin_credentials that is created in sso-functions.php only has part of the data from the response of Jellyfin's AuthenticationResult. The cookie has the ServerID, User, and AccessToken properties, but not the SessionInfo. I think that SessionInfo's Capabilities property is the one that would show that it supports sync. I'm new to all this so I maybe wrong, or there maybe some limitation that would not let this work.

ianabney avatar Jul 28 '22 23:07 ianabney

you are more than likely correct. i will see what information is returned.

causefx avatar Jul 29 '22 00:07 causefx

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

github-actions[bot] avatar Aug 13 '22 03:08 github-actions[bot]

I'd still like this to be looked into if possible.

ianabney avatar Aug 14 '22 03:08 ianabney

It seems that no extra info is in the jellyfin_credentials localStorage key that is set. I do see that it sets 2 more keys: user-xxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxx and _deviceId2 which I can set if needed, just not sure if that is what is missing.

causefx avatar Aug 17 '22 18:08 causefx

I did some more looking and I think that the $token returned from the /Users/authenticatebyname request in the sso-functions.php has some more values that may be needed in order for syncplay to work. The $token that is created from that response is a nested array (the token that is used to create the jellyfin_credentials by using the $token['User'] ['Id'] etc). But I couldn't figure out a good way to see what was in those arrays because I'm pretty new to web debugging. Is there a way to see what the full response from the request is?

ianabney avatar Aug 24 '22 23:08 ianabney

I already have all the new info, i just need to know if those 2 local storage items i listed above are what's needed. Can you manually delete those and see if it still works.

causefx avatar Aug 25 '22 00:08 causefx

While connecting directly to jellyfin I do not need either of those local storage keys for syncplay to work correctly.

Also in my testing, when I use the Jellyfin SSO in organizr and then go to jellyfin (either iFrame or new tab) I won't be able to join syncplay groups. If I then just log out and log back into jellyfin, the syncplay is able to work correctly. So it seems like the problem isn't the cookie like I initially thought beacuse I don't need to clear the cache or delete any cookies, just log off and back in.

I looked into the possibility that the websockets for the two different login methods being the issue, but from what I can tell they have the same request headers and payload. The only difference I found was that the request call stack under the Initiator tab was different. The organizr where I logged off and back into jellyfin (syncplay working): image The organizr where I didn't log off and back on (syncplay broken): image

ianabney avatar Aug 25 '22 01:08 ianabney

I ended up deciding to reconfigure my Jellyfin as a subdomain instead of a subpath for reverse proxying which allows Jellyfin to remember my credentials through organizr because it's a different site. This doesn't actually solve the problem because I'm just bypassing Organizr's Jellyfin SSO but it works for me.

ianabney avatar Aug 30 '22 01:08 ianabney

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

github-actions[bot] avatar Sep 14 '22 04:09 github-actions[bot]

This issue has been closed due to lack of activity, if this issue still persists, please re-open it.

github-actions[bot] avatar Dec 14 '22 03:12 github-actions[bot]