Migrate to new last.fm scrobbling API #776
Comments
We also need to add some more logic on when to scrobble:
Really good initiative! We could fix a number of various issues around last.fm. Will mention them here!
Any updates on this? The web player is basically unusable because of this.
PR #1224 intends to add support for ListenBrainz scrobbler.
#1224 has been merged, which also included some cleanups for scrobbling (better code organization) that should make this more straightforward to work on, if anyone is interested in picking this up.
You'll need to store the session keys then, which have the same problem (secure storage). No matter what, you cannot get away without storing something sensitive.
Not necessarily. You don't have to do the OAuth bit, you can just use their mobileSession flow. I also didn't see what API key secret we currently use (if any?). There's a bunch of mentions about airsonic using subsonic's API key, but where is it? This API transition itself should be fairly trivial. You'll need some persistence bits (and UI, especially for revocation) to store the session keys.
This is much more challenging. Unless we change the web player and have it ping back and tell the server at specific points (play/pause/30sec/halfway/finished), I do not see how the server is supposed to know when to scrobble. It could use some heuristics (like record timestamps when the stream request comes in, and countdown to a specific point, along with some mechanism to revoke the countdown in case the song is canceled), but these would be indirect at best. Currently scrobbling is tied to stream TransferStatuses being created or destroyed, but that's no guarantee that a particular song is being played on the client (it could just be requesting the data and paused). Another option is to move the scrobbling to the client altogether, but that runs the risk of exposing client secrets.
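As an added illustration (not part of the thread and not Airsonic code): how requests are signed under the newer last.fm API's mobileSession flow mentioned above, showing that the password appears only in the one-time session exchange while scrobbles carry the session key. The key, secret, user and session values passed in are constructed placeholders, and no network call is made.

```python
import hashlib

API_ROOT = "https://ws.audioscrobbler.com/2.0/"  # HTTPS endpoint of the newer API

# Parameters that are sent but never included in the signature.
UNSIGNED = {"format", "callback"}


def api_sig(params, secret):
    """Signature scheme of the last.fm API: name+value pairs sorted by
    parameter name, concatenated, followed by the shared secret, then MD5.
    MD5 is fixed by the protocol; it is not a choice made in this example."""
    base = "".join(k + v for k, v in sorted(params.items()) if k not in UNSIGNED)
    return hashlib.md5((base + secret).encode("utf-8")).hexdigest()


def signed(params, secret):
    """Return a copy of params with api_sig added."""
    out = dict(params)
    out["api_sig"] = api_sig(params, secret)
    return out


def mobile_session_request(api_key, secret, username, password):
    """POST body for auth.getMobileSession (sent to API_ROOT over HTTPS).
    The password is used here once and is not persisted; the response
    carries the session key, which is the only value that needs storing."""
    return signed({"method": "auth.getMobileSession", "api_key": api_key,
                   "username": username, "password": password,
                   "format": "json"}, secret)


def scrobble_request(api_key, secret, session_key, artist, track, started_at):
    """POST body for track.scrobble. Authenticates with the revocable
    session key ("sk"); no password is involved."""
    return signed({"method": "track.scrobble", "api_key": api_key,
                   "sk": session_key, "artist[0]": artist, "track[0]": track,
                   "timestamp[0]": str(started_at), "format": "json"}, secret)
```

The shared secret is an input to every signature, which is why signing has to stay on the server if the secret is not to be exposed to clients.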
Also #775 was likely accidentally reverted by #1224 and thus the current master on Airsonic cannot actually currently scrobble. airsonic-advanced/airsonic-advanced#112 fixes it (can't reapply #775 because the file doesn't exist the same way anymore)
Yes, but session keys are revocable and can't leak a password that a user reuses elsewhere. It's still an improvement.
I suspect the only API key in use is for the metadata APIs, so not relevant to scrobbling.
Yes, but still sensitive and not to be stored openly considering they're lifetime (unless revoked). This doesn't change the need for a secure storage mechanism. I guess an improvement though.
This issue has been automatically marked as stale because it has not had recent activity. Thank you for your contributions.
We currently use an old scrobbling API in the AudioScrobblerService where HTTPS isn't supported (#775). There's a newer API (https://www.last.fm/api) that supports HTTPS, but will require changes to support, especially around authentication - we'll need an API key and a more sophisticated login flow than "type your password". An upside of switching will be no longer needing to store user credentials though - we'll be granted auth keys by the user.