Jump to content

Android App - Invalid Username or Password Error


WillCodeForBeer
 Share

Go to solution Solved by WillCodeForBeer,

Recommended Posts

  • Solution
WillCodeForBeer

Hi,

I recently installed emby on unraid (Server Version 4.6.1.0) and set up a reverse proxy, which is confirmed working. I can confirm that I can connect to my instance via the lan ip address or the proxy subdomain address. I also confirmed on my android phone that if I am on/off wifi, I can connect to the instance via the web browser to the proxy subdomain address. When I try to use the latest android app (on or off home wifi), I get the error for the "Invalid Username or Password". I know that I am typing everything properly as I am using a password keeper to populate/copy the values. I have tried changing the password and can confirm that the web browser works but the app doesn't still.

Any assistance would be appreciated.

 

**EDIT:

I am an idiot. For those like me, here was my problem.

 

In the app, I was just putting emby.mydomain.com as the url. Empty port field.

I updated the url field to be https://emby.mydomain.com and the port to 443. Connected first try.

Feel free to laugh at my struggles. Marking this the solution so if others have the same problem they can easily fix it.

Edited by WillCodeForBeer
Am idiot
Link to comment
Share on other sites

Hi, what reverse proxy are you using? I would suggest comparing your proxy configuration to that of @pir8radio's nginx configuration.

Link to comment
Share on other sites

WillCodeForBeer

I'm using the swag container on unraid.

Here is the proxy conf that is shipped as a template with the container. I've followed the steps at the top for the emby changes as well.

Changing the public https port to 443, setting the external domain to the subdomain url, and set the "Secure connection mode" to "Handled by reverse proxy".

 

I reviewed @pir8radio's conf at This Page but didn't see anything that should stand out that specifically blocks the android connection. I am using cloudlflare, but it seems the only specific changes they have for that is just for logging purposes of getting the real IP.

 

Do either of you have any other ideas?

 

## Version 2021/05/18
# make sure that your dns has a cname set for emby and that your emby container is not using a base url
# if emby is running in bridge mode and the container is named "emby", the below config should work as is
# if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby
# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
# and set the "Secure connection mode" to "Handled by reverse proxy"

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name emby.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app emby;
        set $upstream_port 8096;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
    }
}

 

 

Edit:

Here are the portion emby logs showing the invalid response.

2021-05-27 07:05:12.921 Info Server: http/1.1 GET http://emby.<<REDACTED>>.com/Users/authenticatebyname?X-Emby-Client=Emby%20for%20Android&X-Emby-Device-Name=Pixel%203&X-Emby-Device-Id=d105912ac0532e3a&X-Emby-Client-Version=3.1.94. Connection=close, Accept=application/json, Accept-Encoding=gzip, deflate, Accept-Language=en-US,en;q=0.9, Host=emby.<<REDACTED>>.com, User-Agent=Mozilla/5.0 (Linux; Android 11; Pixel 3 Build/RQ2A.210505.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/91.0.4472.77 Mobile Safari/537.36, X-Forwarded-For=192.168.1.1, X-Forwarded-Host=emby.<<REDACTED>>.com, X-Forwarded-Proto=https, X-Forwarded-Ssl=on, X-Real-IP=192.168.1.1, x-requested-with=com.mb.android, sec-fetch-site=cross-site, sec-fetch-mode=cors, sec-fetch-dest=empty
2021-05-27 07:05:12.921 Error Server: Access token is invalid or expired.
2021-05-27 07:05:12.921 Info Server: http/1.1 Response 401 to 192.168.1.1. Time: 0ms. http://emby.<<REDACTED>>.com/Users/authenticatebyname?X-Emby-Client=Emby%20for%20Android&X-Emby-Device-Name=Pixel%203&X-Emby-Device-Id=d105912ac0532e3a&X-Emby-Client-Version=3.1.94

 

Edited by WillCodeForBeer
Added emby logs
Link to comment
Share on other sites

Best guess is the proxy is modifying the request somehow.

Or, you may have configured network settings at the server or user level and these are the reasons for the authentication rejection, not the actual username and password.

Can you check these? Try loosening up any emby options you may have configured to restrict user access. That may help point to the cause.

Link to comment
Share on other sites

WillCodeForBeer

I will try and mess with the settings a bit more, but this was a fresh install, fresh user, default settings for access.
 

Link to comment
Share on other sites

What style did you setup?  Is it like "emby.domain.ext" or "domain.ext/emby"?

Link to comment
Share on other sites

WillCodeForBeer
1 hour ago, cayars said:

What style did you setup?  Is it like "emby.domain.ext" or "domain.ext/emby"?

I set it up with subdomain. Emby.domainname.com

Link to comment
Share on other sites

OK that's good. It's most likely in your proxy setup.
Hopefully one of the proxy experts can help you out.

Link to comment
Share on other sites

WillCodeForBeer

I tried a different device, chromebook with android app installed, and also have the same issue.

2021-05-27 14:41:36.397 Info Server: http/1.1 GET http://emby.<<REDACTED>>.com/Users/authenticatebyname?X-Emby-Client=Emby%20for%20Android&X-Emby-Device-Name=Chromebook_75E3&X-Emby-Device-Id=42a95ec97bdebe57&X-Emby-Client-Version=3.1.94. Connection=close, Accept=application/json, Accept-Encoding=gzip, deflate, Accept-Language=en-US,en;q=0.9, Host=emby.<<REDACTED>>.com, User-Agent=Mozilla/5.0 (Linux; Android 9; nami Build/R90-13816.82.0; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/91.0.4472.77 Safari/537.36, X-Forwarded-For=192.168.1.1, X-Forwarded-Host=emby.<<REDACTED>>.com, X-Forwarded-Proto=https, X-Forwarded-Ssl=on, X-Real-IP=192.168.1.1,192.168.1.1, x-requested-with=com.mb.android, sec-fetch-site=cross-site, sec-fetch-mode=cors, sec-fetch-dest=empty
2021-05-27 14:41:36.397 Error Server: Access token is invalid or expired.
2021-05-27 14:41:36.397 Info Server: http/1.1 Response 401 to 192.168.1.1. Time: 1ms. http://emby.<<REDACTED>>.com/Users/authenticatebyname?X-Emby-Client=Emby%20for%20Android&X-Emby-Device-Name=Chromebook_75E3&X-Emby-Device-Id=42a95ec97bdebe57&X-Emby-Client-Version=3.1.94

 

Web browser login from the same device works fine.  Is there any easy way to drill down to the proxy template the unraid swag container uses to try and identify the issue blocking the android app?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...