Apple Music Gets Another Unofficial Web Player With Launch of 'Musish'

You’re very welcome to self host Musish! We plan on setting up a Dockerfile some time over the next week or two.

For now I understand feeling uneasy, we’re more than happy with self hosting and if you want help feel free to reach out!

We use Apple’s federated authentication system, it works similar to how a login with Google or Facebook on a third party service works- at no point are we able to access the user’s credentials, and at no point do we even take their token. Musish is designed to be safe, secure, and private!

--- Post Merged, Jan 21, 2019 ---

Perhaps it was a slightly over-engineered solution, but at least now I have less of an excuse to be distracted by my phone while at work.

And lol, we all do well over the work we’re paid to do.

 

You shouldn’t blindly trust closed source software either......

 

Shows just how far Apple has fallen. We all know how this story will end. Apple will force these developers to stop, and there will be nothing for a while, then BOOM! "We invented the web player!".

 

I still don't get it. You want to pay for a Spotify account plus an Apple Music family account just so you can use the Spotify UI and Spotify hardware, but play Apple Music music? Why not just ditch Apple Music altogether at that point?

--- Post Merged, Jan 22, 2019 ---

Google, like any other major tech company (and like Apple Music in this case) uses OAuth so you don't give a third party your credentials. You give the first party your credentials, then opt in to the third party getting limited access to your profile information (but not your credentials).

Sure, phishing is a major concern. Yes, it's possible someone writes a web app similar to Musish that merely mimics Apple's sign-in UI and actually steals your credentials. And yes, there is a risk of training people to confirm stuff they shouldn't have confirmed. But this app is not an example of that, and this thread is full of poorly-informed fearmongering.

--- Post Merged, Jan 22, 2019 ---

No, it shows how useful it is that Apple has provided APIs to write an Apple Music-based web app, and it shows how nice those results can be.

 

anyone else getting a 403 forbidden message from both web-based services when they try to log in now?

 

Why would you need to pay for Spotify just to use their UI? There’s also no Spotify hardware.

Well it’s a good thing we’re on macOS 10.14...

 

Both working for me....

 

Sadly, it looks like this does me no more good than did the previous attempt -- though, I did do slightly more analysis this time than last. It appears that you have to be a subscriber to the full Apple Music service in order to take advantage of their API in this fashion; iTunes Match subscribers (like myself) are the proverbial red-headed step child, and need not apply.

Mind you, I suppose I could just cancel iTunes Match entirely at this point, and instead use a free home cloud solution, such as Tonido...

 

I was curious to see what this would give me that iTunes didn't, so I tried it. The surprising thing to me is that it won't show anything in "My Library". The only selection that it shows anything for is "Browse". But I did browse through and found a song and went to play it, but could only play 30 seconds. iTunes is buggy, but it *does* talk to my HomePod, and I can find all of its music.

 

Radio function please!

 

Why are you repeating my question?

No, I used a shorthand. It was clear from the context what I meant.

 

Of course. I'm simply pointing out the dangers that are inherent in all software. The post I was replying to was implying that software was inherently safe if its open source.

 

I’m not repeating your question, I’m asking you why you think you need to pay for Spotify just to use their UI/app...

Spoiler: Spolier

You don’t.

 

here's another one : tools.applemusic.com (not as compete)

 

Is that a third-party site, or actually owned by Apple. I can't really tell.

 

I do not think that.

 

Why are you so out of the picture? You are entering your ID and password through Apple on Musish. Nothing suspicious.

I'm guessing you don't use "Login with Facebook/Google" you see on Soundcloud, forums and other websites? This is the same thing.

 

Finally someone gets it.

 

This is FAR FROM the same thing, and it's incredibly naïve to think so. By using Facebook/Google credentials on other websites/services that provide content, you give Facebook/Google access to your activity on those services. Musish does not provide any content themselves, and by using Apple ID on Musish you only gain access to Apple's own content.

 

It really is the same thing, though.

All three services named here (Facebook, Google, and Apple) use a type of system known as "federated identity", which is a method a service can use to provision a trusted access token to a service. This token can enable the access / management of a scope of data.

In fact, not only are they both using the same sort of system, but they seem to actually be built around the same industry standard at their core: OAuth. Apple connect through https://idmsa.apple.com/IDMSWebAuth/auth?oauth_token when you access their login page, they then feed the token back to Musish.

Read more about federated identity here:
https://en.wikipedia.org/wiki/Federated_identity

When you login to Musish, Apple provide your web browser a token. This token enables Musish within your browser to verify your Apple Music access (with a very limited scope) to Apple. This means that Apple have verified you are the person who they handed the token to, and now they are happy to send you a list of your library songs, albums, and to even let you stream data from Apple Music's catalog. When you login through Facebook the exact same thing happens, and at that point Facebook are happy to serve you data from your account (or even send some data if permitted), to the scope which the authentication window asked for.

Without wanting to spend time to find a "Login with Facebook" or "Login with Google" button, here's some examples from Google Images:
https://imgur.com/a/jZTJDoO