implement OAuth and refactor config

[eladyn]

This builds on top of #1317 and implements the missing OAuth support, which replaces the no longer available username + password method. Since this required some refactoring of the configuration anyway, I replaced structopt with the (actively developed) clap, which is the successor of structopt.

By removing the username + password method, we basically get rid of all the sensitive value handling, e.g. the keyring. (Well, one could still store the cached credentials in the keyring, but that hasn't happened before either, so this could be a future extension.)

The OAuth support is a bit clunky at the moment and surely could use some refinement in the future, but since this has been missing for quite some time now, it's probably better to put it out there and iterate on that later.

If I'm not mistaken, all configuration changes should be backwards compatible so far (or at least not error on previously working configs, of course username or password values are no longer used).

The current design of the authentication is as follows:

• By using the spotifyd auth(enticate) subcommand, one initiates the OAuth process and is directed to accounts.spotify.com. After logging in there, we receive the token and exchange it for a longer-lived credential blob. This blob is stored at $cache_directory/oauth/credentials.json
• If spotifyd finds an authentication blob from oauth on startup, it uses that for the first session.
• If not disabled via --disable-discovery or disable_discovery = true (even if an oauth blob is present), discovery is started and selecting a device there ends the current session and starts a new one.
• The last active session is also cached in $cache_directory/credentials.json and will be used on startup, when no oauth blob can be found.

Closes #800, closes #778 (due to configuration refactor).
Fixes #1293 (oauth support).
Fixes #1212 (new credential caching logic, no usernames necessary anymore).

Any testing is highly appreciated! Also, none of the changes have been documented so far so that still has to be done before a release.

[bjornfor]

If I'm not mistaken, all configuration changes should be backwards compatible so far (or at least not error on previously working configs, of course username or password values are no longer used).

I understand this as the username, password and password_cmd in the configuration file will now be ignored, and login requires some manual steps in a web browser. Correct?

[eladyn]

I understand this as the username, password and password_cmd in the configuration file will now be ignored, and login requires some manual steps in a web browser. Correct?

Yes, that's correct. Alternatively we could maybe keep them around for now and warn the user, when they are encountered...

[mockxe]

Hi, thanks for your work here!

I just gave this a quick test, one thing I immediately noticed was:

Loading config from "/home/mockxe/.config/spotifyd/spotifyd.conf"
Error: 
   0: failed to read config file
   1: TOML parse error at line 1, column 1
   1:   |
   1: 1 | [global]
   1:   | ^^^^^^^^
   1: missing field `initial_volume`
   1: 

This can obviously fixed by adding a initial_volume=100 to the config, but I think a sensible default- / fallback-value would be good here, especially to not break existing configs.

Other than that I can only say the login process worked without a problem and so far it's running flawlessly. I keep you updated if I encounter any issue.

[eladyn]

Hi, thanks for your work here!

I just gave this a quick test, one thing I immediately noticed was:

Loading config from "/home/mockxe/.config/spotifyd/spotifyd.conf"
Error: 
   0: failed to read config file
   1: TOML parse error at line 1, column 1
   1:   |
   1: 1 | [global]
   1:   | ^^^^^^^^
   1: missing field `initial_volume`
   1: 

This can obviously fixed by adding a initial_volume=100 to the config, but I think a sensible default- / fallback-value would be good here, especially to not break existing configs.

Other than that I can only say the login process worked without a problem and so far it's running flawlessly. I keep you updated if I encounter any issue.

Oh, huh. That should indeed not be happening. Thanks for the report.

[DocMarty84]

Hello,
Thank you for the work. A quick test worked, that's great!
Hopefully I'll be able to try a bit more intensively this week-end.

[eladyn]

@mockxe The error because of a missing initial_volume parameter should now be fixed.

[solarfl4re]

spotifyd is setting a higher volume than initial_volume on my system: with a value of 1, system volume is set to 58%, with 2 - 65%, and 15 gives 83%. The only value read properly in my testing is 0, which sets the volume to zero.

Whether initial_volume is set as a number or string doesn't make a difference.

This is with backend = alsa on Linux, full config is here.

[eladyn]

That's a good point. I guess there is some weirdness around volume that I'll have to look into...

[solarfl4re]

That's a good point. I guess there is some weirdness around volume that I'll have to look into...

Maybe it was a misunderstanding on my end - I changed volume_controller to alsa_linear and now initial_volume = 2 sets my system volume to 2% as I expected.

After all the starting & stopping of spotifyd, Spotify made me reset my password, but after running spotifyd auth everything is working :)