mTLS Connectivity for Music Providers

Feature description:

Allow providing/uploading a client certificate to authenticate with a source (e.g. subsonic) using mutual tls (mTLS).

Problem solved:

If a service is only available with a client certificate, you cannot access it with Symfonium.

Brought benefits:

This allows people to more securely self host services not on a VPN but with similar security.

Other application solutions:

 
See:

(and more)
 

Additional description and context:

 
Thank you!!
 

Screenshots / Mockup:

    

1 Like

yes please, I’m also interested in this.
This is one of the things that make me hesitate about buying the app or if I should try to contribute to a open source project instead to add this feature.

1 Like

There’s very little chance I add that soon as it’s not possible to cast with that configuration.

Hmm too bad :frowning:

Personally don’t ever use the streaming nor care…

all local playback

Also isn’t chromecast being sunset?

Chromecast is far from sunset and I also support UPnP.

One other major use of your app is to store the file locally in offline cache, which would work in any mode.

I guess it’s just a wish anyways. It is the year of client certs, IMO.

Maybe the google tv streamer uses chromecast but the chromecast line is definitely up.

The protocol still lives in many devices.

And you need to think about the support burden after, half the support is network issues. People think they understand but actually don’t.

1 Like

To be fair, I don’t know many people capable of establishing a mTLS stream that are incapable of solving basic technical network issues. Generally speaking, they can try it in Navidrome in a browser anyways.

That said, I do sympathize that you might encounter users who haven’t set it up and ask for help with that.

In each of the other apps (Immich, HASS, Bitwarden, etc), you are deliberately defining you want your connection to use a client cert, so it’s not really possible by accident.

Another thing of note maybe is that for people using cloudflare makes it very easy to do so I expect more people are going to come knocking. (I am not one of those.. but been seeing the chatter)

1 Like

If it’s in the interface people will click and complain :slight_smile:

You have no idea the dumb support and bad rating I get, and since it’s a paid app, people think for 6€ I include going to their home and fix their network…

1 Like

You’re probably right about clicking and complaining. In the case of immich, you connect to a server, and during that connection, you click advanced, that opens a form with these inputs, so you really have to try hard to accidentally mess things up, but I do understand. I am a career programmer, I am happy go lucky, but I hear you, most people sprint into brick walls.

There’s a few different approaches. Nextcloud uses your Android cert store for example, which can be confusing if you aren’t expecting it. That’s where the immich one shines. You have to specify you actually /want/ a client cert (*.pfx), then upload it, then provide its decrypting password, or it just undoes that configuration.

I have bought your app many times over though and regardless of what happens here, thanks again. Can’t think of any other ways it could possibly be better so rock on :slight_smile: