Apple Music Gets Another Unofficial Web Player With Launch of 'Musish'

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jan 21, 2019.

  1. Brodlum, Jan 21, 2019
    Last edited: Jan 21, 2019

    Brodlum macrumors newbie

    Joined:
    Jun 14, 2018
    #101
    You’re very welcome to self host Musish! We plan on setting up a Dockerfile some time over the next week or two.

    For now I understand feeling uneasy, we’re more than happy with self hosting and if you want help feel free to reach out!

    We use Apple’s federated authentication system, it works similar to how a login with Google or Facebook on a third party service works- at no point are we able to access the user’s credentials, and at no point do we even take their token. Musish is designed to be safe, secure, and private!
    --- Post Merged, Jan 21, 2019 ---
    Perhaps it was a slightly over-engineered solution, but at least now I have less of an excuse to be distracted by my phone while at work.

    And lol, we all do well over the work we’re paid to do.
     
  2. H2SO4 macrumors 601

    Joined:
    Nov 4, 2008
    #102
    You shouldn’t blindly trust closed source software either......
     
  3. TheFluffyDuck macrumors 6502

    Joined:
    Jul 26, 2012
    #103
    Shows just how far Apple has fallen. We all know how this story will end. Apple will force these developers to stop, and there will be nothing for a while, then BOOM! "We invented the web player!".
     
  4. chucker23n1 macrumors 68020

    chucker23n1

    Joined:
    Dec 7, 2014
    #104
    I still don't get it. You want to pay for a Spotify account plus an Apple Music family account just so you can use the Spotify UI and Spotify hardware, but play Apple Music music? Why not just ditch Apple Music altogether at that point?
    --- Post Merged, Jan 22, 2019 ---
    Google, like any other major tech company (and like Apple Music in this case) uses OAuth so you don't give a third party your credentials. You give the first party your credentials, then opt in to the third party getting limited access to your profile information (but not your credentials).

    Sure, phishing is a major concern. Yes, it's possible someone writes a web app similar to Musish that merely mimics Apple's sign-in UI and actually steals your credentials. And yes, there is a risk of training people to confirm stuff they shouldn't have confirmed. But this app is not an example of that, and this thread is full of poorly-informed fearmongering.
    --- Post Merged, Jan 22, 2019 ---
    No, it shows how useful it is that Apple has provided APIs to write an Apple Music-based web app, and it shows how nice those results can be.
     
  5. drumpat01 macrumors 6502

    drumpat01

    Joined:
    Jul 31, 2004
    Location:
    Denton, TX
    #105
    anyone else getting a 403 forbidden message from both web-based services when they try to log in now?
     
  6. martyjmclean macrumors 6502

    martyjmclean

    Joined:
    Jan 24, 2018
    Location:
    Sydney, NSW, Australia
    #106
    Why would you need to pay for Spotify just to use their UI? There’s also no Spotify hardware.

    Well it’s a good thing we’re on macOS 10.14...
     
  7. bransoj macrumors 6502a

    Joined:
    Jul 31, 2013
    #107
    Both working for me....
     
  8. zarmanto macrumors regular

    zarmanto

    Joined:
    Feb 3, 2014
    Location:
    Around the corner from the 7/11
    #108
    Sadly, it looks like this does me no more good than did the previous attempt -- though, I did do slightly more analysis this time than last. It appears that you have to be a subscriber to the full Apple Music service in order to take advantage of their API in this fashion; iTunes Match subscribers (like myself) are the proverbial red-headed step child, and need not apply.

    Mind you, I suppose I could just cancel iTunes Match entirely at this point, and instead use a free home cloud solution, such as Tonido...
     
  9. Howard Brazee macrumors 6502

    Howard Brazee

    Joined:
    Oct 24, 2006
    Location:
    Lafayette CO
    #109
    I was curious to see what this would give me that iTunes didn't, so I tried it. The surprising thing to me is that it won't show anything in "My Library". The only selection that it shows anything for is "Browse". But I did browse through and found a song and went to play it, but could only play 30 seconds. iTunes is buggy, but it *does* talk to my HomePod, and I can find all of its music.
     
  10. imola.zhp macrumors 6502a

    imola.zhp

    Joined:
    Jun 1, 2010
    Location:
    Mud Island (Memphis), TN
  11. chucker23n1 macrumors 68020

    chucker23n1

    Joined:
    Dec 7, 2014
    #111
    Why are you repeating my question?

    No, I used a shorthand. It was clear from the context what I meant.
     
  12. szw-mapple fan macrumors 65816

    szw-mapple fan

    Joined:
    Jul 28, 2012
    #112
    Of course. I'm simply pointing out the dangers that are inherent in all software. The post I was replying to was implying that software was inherently safe if its open source.
     
  13. martyjmclean macrumors 6502

    martyjmclean

    Joined:
    Jan 24, 2018
    Location:
    Sydney, NSW, Australia
    #113
    I’m not repeating your question, I’m asking you why you think you need to pay for Spotify just to use their UI/app...
    You don’t.
     
  14. Tech198 macrumors G5

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
  15. japanime macrumors 68000

    japanime

    Joined:
    Feb 27, 2006
    Location:
    Japan
    #115
    Is that a third-party site, or actually owned by Apple. I can't really tell.
     
  16. chucker23n1 macrumors 68020

    chucker23n1

    Joined:
    Dec 7, 2014
    #116
    I do not think that.
     
  17. Manatlt macrumors 6502a

    Joined:
    Aug 26, 2013
    Location:
    London, UK
    #117
    Why are you so out of the picture? You are entering your ID and password through Apple on Musish. Nothing suspicious.

    I'm guessing you don't use "Login with Facebook/Google" you see on Soundcloud, forums and other websites? This is the same thing.
     
  18. tonyr6 macrumors 65816

    tonyr6

    Joined:
    Oct 13, 2011
    Location:
    Brooklyn NY
    #118
    Finally someone gets it.
     
  19. jaknudsen macrumors member

    jaknudsen

    Joined:
    Jan 25, 2005
    Location:
    Oslo, Norway
    #119
    This is FAR FROM the same thing, and it's incredibly naïve to think so. By using Facebook/Google credentials on other websites/services that provide content, you give Facebook/Google access to your activity on those services. Musish does not provide any content themselves, and by using Apple ID on Musish you only gain access to Apple's own content.
     
  20. Brodlum macrumors newbie

    Joined:
    Jun 14, 2018
    #120
    It really is the same thing, though.

    All three services named here (Facebook, Google, and Apple) use a type of system known as "federated identity", which is a method a service can use to provision a trusted access token to a service. This token can enable the access / management of a scope of data.

    In fact, not only are they both using the same sort of system, but they seem to actually be built around the same industry standard at their core: OAuth. Apple connect through https://idmsa.apple.com/IDMSWebAuth/auth?oauth_token when you access their login page, they then feed the token back to Musish.

    Read more about federated identity here:
    https://en.wikipedia.org/wiki/Federated_identity

    When you login to Musish, Apple provide your web browser a token. This token enables Musish within your browser to verify your Apple Music access (with a very limited scope) to Apple. This means that Apple have verified you are the person who they handed the token to, and now they are happy to send you a list of your library songs, albums, and to even let you stream data from Apple Music's catalog. When you login through Facebook the exact same thing happens, and at that point Facebook are happy to serve you data from your account (or even send some data if permitted), to the scope which the authentication window asked for.

    Without wanting to spend time to find a "Login with Facebook" or "Login with Google" button, here's some examples from Google Images:
    https://imgur.com/a/jZTJDoO
     

Share This Page