[Enhancement]: Allow authentication via the API

Open duplaja opened this issue 3 years ago • 4 comments

Describe the feature/enhancement

Right now, in order to log in, the mobile apps need to hit the /login endpoint, which is the same as the web browser login.

Implementing an alternate authentication method via the API, and using this endpoint for the mobile apps, will allow the browser login page to be put behind additional authentication much more easily (Authelia, basic auth for that URL, etc).

duplaja avatar Jun 02 '22 18:06 duplaja

I don't understand, why would the endpoints need to be different?

advplyr avatar Jun 02 '22 18:06 advplyr

Sure! Authelia protects by forcing non-bypassed URLs / endpoints to redirect to a separate subdomain, to authenticate.

Ideally, I'd put audio.example.com/login behind Authelia, so that anyone who has not authenticated with my Authelia instance is forced to authenticate there first (allows me to do stuff like 2FA).

The mobile app (Android) sends the login request to audio.example.com/login as well, and since it's an app embed, it can't handle a redirect / throws an unknown error.

The preferred outcome (for me) would be to be able to protect the web login via Authelia, while still allowing the mobile apps to function by bypassing a point they authenticate with. I was able to get this to work via some manipulation of the trailing slash on that URL, but it's not the best to rely on.

duplaja avatar Jun 02 '22 19:06 duplaja

Would it not be better to support OpenId and/or Proxy Authentication Headers?

Kramins avatar Jul 01 '22 16:07 Kramins

Yes, I think so. That was being discussed here: https://github.com/advplyr/audiobookshelf-app/issues/254

advplyr avatar Jul 01 '22 18:07 advplyr

Closing this as an SSO solution requested in #998 overlaps

advplyr avatar Nov 24 '22 16:11 advplyr