marco/yt-dlp-webui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Page: Authentication methods
Pages
Authentication methods Home RPC methods Twitch integration
Clone
7
Authentication methods
Marco Piovanello edited this page 2025-03-17 10:23:38 +01:00
Table of Contents

yt-dlp support two main authentication schemes:

  • Username/password based authentication
  • OpenID authentification

Username/password based authentication

To enable this authentication scheme edit your config.yml and add the following lines:

require_auth: true
username: your_username
password: your_password

Provide your config.yml to yt-dlp-webui:

./yt-dlp-webui -conf config.yml

# or with docker
docker exec --rm -d -p 3033:3033 -v <your_config_directory>:/conf ghcr.io/marcopeocchi/yt-dlp-web-ui:latest

OpenID authentification

To enable this authentication scheme you need an OpenID authentication provider (e.g. Google Oauth2), a client_id and a client_secret.
The requirements can be obtained from your authentication provider, for example, Google make them available here https://console.cloud.google.com/apis/credentials.

The callback URL is https://localhost:3033/auth/openid/signin where https://localhost:3033 is where yt-dlp-web-ui is exposed, a real-like application would be something served by a reverse-proxy (e.g. https://yt-dlp-webui.yourdomain.tld/auth/openid/signin)

Edit your config.yml with the following keys:

# OpenID Google Oauth2 example

# disable password based authentication
require_auth: false

# enable openid authentification
use_openid: true
openid_provider_url: https://accounts.google.com
openid_client_id: your-client-id
openid_client_secret: your-client-secret
# optional
# openid_email_whitelist:
#  - user@example.com

# localhost:3033 is where yt-dlp-webui is exposed
openid_redirect_url: your-callback-url
# a production like example
# openid_redirect_url: https://yt-dlp-webui.yourdomain.tld/auth/openid/signin

Provide your config.yml to yt-dlp-webui:

./yt-dlp-webui -conf config.yml

# or with docker
docker exec --rm -d -p 3033:3033 -v <your_config_directory>:/conf ghcr.io/marcopeocchi/yt-dlp-web-ui:latest

API Authentication

About the API authentication: there's three methods to provide the token:

  • cookies: cookie named jwt-yt-dlp-webui
  • query params: ?token=yourjwttoken
  • headers: X-Authentication header

How to obtain the token

curl -H "Content-Type: application/json" \
  -X POST \
  -d '{"username":"ciao","password":"ciaociao"}' \
  http://localhost:3033/auth/login

where http://localhost:3033 will be replaced with your ip/hostname.

The JWT token will be returned in the response.

Execute requests with token

As described before, with token or query params.
Here's an example using query params:

curl -H "Content-Type: application/json" \
  -X POST \
  -d '{"url": "http://some.video/1"}' \
  http://localhost:3033/api/v1/exec?token=eyJhbGciOiJIUzI1NiIsInR5cC...