PWA and Indigo Authentication Update (2023)

This week, we worked on and implemented a solution for improving the robustness of the authentication process for our Indigo listener members. For more details, read on.

For those unaware, Gensokyo Radio has a membership program “Indigo” which, among other things, enables access to the station’s lossless audio stream. When it was introduced, the primary method of access was through a web browser or an external application such as VLC, and the user would be required to enter their username and a PIN for authentication.

As time has passed and the open beta of our PWA-based application has been seeing more use, we’ve experimented with alternative methods of authentication which don’t require a user to regularly login. At first, we used a method of transferring session data along with the initial connection request via the PWA. This past week, one of our listeners pointed out an issue where session data would sometimes not be passed correctly when initially connecting or during automatic reconnects, causing a “load error” in the app.

We revamped the way Indigo authentication works by using a combination of activity and location-based signals. The PWA no longer needs to send a session to the server; instead, the server checks to see that a user has accessed the app from their current IP sometime in the last 24 hours.

Listeners who use the PWA’s player are automatically authenticated as a result. Additionally, external applications benefit from not requiring a user/PIN so long as connections are made from the same network. You can still use a user/PIN in cases where there’s been no activity from the PWA or website in the past day.

That’s all for this week, rate songs for the 2023 list while you can, and thanks for listening!

[Knowledge #144]