Beets: Revive the Beatport plugin

Nice! We should definitely investigate this. I just signed up for a key; I'll post if they get back to me.

@sampsyo Sounds good. Fingers crossed!

Author of the old Beatport plugin here, I also just applied for a key and will see if I can update the code once I hear back from them.

@jbaiter any update from Beatport on your end yet?

@brianroach I applied for a key in May and still haven't gotten one :(

So I just re-applied for a key here and they said they'd email me the key: https://accounts.beatport.com/developer/request-api-key

Not quite sure what's going on though...

Got my key! Looks like applying is pretty much instantaneous now 😄.

@brianroach Unfortunately I have not yet heard back from Beatport regarding the API keys. Looks like I'll have to try again!

@jbaiter I can send you mine until you get yours? Have you tried re-applying? I got mine in 10 minutes after applying earlier today 😄.

@jackwilsdon Thanks for the offer, but I got mine after reapplying now :-)

It looks like the plugin needs just some very minor refactoring. The Beatport API itself has not changed apart from some minor naming differences, with the one big difference that all endpoints now require authentication via OAuth. Code-wise this just means that we need to add authentication/authorization support (e.g. via requests_oauthlib or rauth) at a few points in the code, nothing major. However, I just played around with it and found the following problem:

Three-legged authentication does not seem to support granting access via a PIN. All I could find in the documentation is to provide a callback URL that Beatport redirects to, from which the access data can be parsed. This is far from ideal for a CLI application like beets, we really don't want to expose a HTTP endpoint to the whole world and on most setups (NAT, etc) this can be a rather involved task .

Some ways this could be solved with the minimum amount of hassle for users:

• Host a very simple web application for beets which the authorization interface redirects to and then displays the values the user has to enter into her beets configuration
• Provide documentation on how the required authentication data can be found via the browser developer tools

I'd say #1 is the better option. My time is pretty limited at the moment, so I can't make any promises when I can implement something, so if anybody feels up to it, feel free to start :-)

That is too bad! You're absolutely right that a local web server is probably too much hassle—NAT forwarding will break it for most people.

We've never hosted any web services for beets, but it's worth exploring. Maybe we can get something simple running on AWS Lambda, or maybe we should set up a full-fledged VM somewhere.

AWS Lambda could work, but the downside is that the user would have to edit the configuration twice, once for providing the verifier key and another time to remove the verifier and enter the final access key and secret. Or is there a way to update the configuration from within the plugin?

A small web application that performs the oauth dance would probably be the easier. It could just be a simple three-screen form that

1. gets the oauth request token from the API
2. redirects to the Beatport authorization screen where the user enters her credentials, which
3. redirects back to the last screen of the form where we retrieve the final access key/secret from the API and display the configuration snippet that has to be pasted.

I could offer to host it on my personal server, but this might be icky for privacy reasons, since I would theoretically have access to any keys generated via the application.

What do you think of using Flask to do it? Would it be viable to host the page on the user's own computer?

We don't have a way to edit the configuration, but for other plugins—namely, the discogs plugin—we've just created a special-purpose file on the side to hold the OAuth token. Could work!

I suppose there's no way around the security debacle—someone will have access to the keys. But maybe we can spin up an "official" beets server that only a few of us have access to?

It also just occurred to me because of @jackwilsdon's question: maybe NAT won't be a problem if all we need is a redirect destination. We could just ask to be forwarded to 127.0.0.1—the Beatport server wouldn't need to contact us directly.

Good thinking with the NAT! But after some more playing around this morning I think I found an even easier way to deal with OAuth.
Turns out that I made a mistake when generating the authentication URL. It is indeed possible to obtain the oauth token and secret without providing a callback URL. The API does not return a PIN, but the plain urlencoded data, which can then be parsed in the plugin.
This means that the workflow for authenticating with Beatport becomes pretty much identical to the way the Discogs plugin does it, with the difference that users have to paste the plain data instead of a simple PIN.

Aha; great!

is there a separate beatport plugin we will need to install with this now that you amazing people figured this out? :D

Nope, this will be included with the next release of beets! You'll just need to enable it in your config.

It looks like this was sorted out by #2067 so I'll go ahead and close this 🎉 😀.