I’d say it’s nearly as secure as

basic authentication. If you restrict deletion to admin users and use role (or group) based auth to restrict that jellyfin admin ability to people with strong passwords in keycloak, i think you are good. Still the only risk is people could delete your media if an adminusers gmail is hacked.

Will say it’s not as secure as restricting access to vpn, you could be brute forced. Frankly it would be preferable to set up rate limiting, but that was a bridge too far for me

I am using tailscale but I went a little further to let my family log in with their Gmail( they will not make any account for 1 million dollars)

Tailscale funneled Jellyfin Keycloak (adminless)

Private Tailscale Keycloak admin Postgres dB

I hook up jellyfin to Keycloak (adminless) using the sso plugin. And hook Keycloak up (using the private instance) to use Google as an identity provider with a private app.

I’m doing it on my android. Don’t have an iPhone to debug sadly. I click on the three dots next to the episode and it is an option there. Just checked and I can also do it by the season. I am on an administrator account

Maybe I’m not understanding offline downloads, but I’m able to download media on jellyfin and watch it offline.

damn collectivist societies and their group bys…

Now I assume fixing the bug was not in line with their business model

The future if text documents were Json:

City_pic.png.xml

A word document is xml

You don’t get the context of this joke

We hooked up chatgpt to do code reviews so this is no longer a problem. The Children yearn for the stack

What I did (a few years ago now) was add http authentication to the ports where I ran my personal projects and left my projects port public. Don’t think I have to worry about recruiters brute forcing a password, hah.

I think it adds a little credibility to the fact that it’s actually you.