I believe this type of login flow will be phased out eventually. Now that we have an embedded browser (since December 2011) it would be much easier to change. There were also other reasons that I can't remember why we didn't do this.

We basically needed to embed a browser in the client to make it work properly or redirect the user to a browser and then back to the client again. That was however one of the main technical problems in spring 2011 when we started to build this. I would much prefer a standard Facebook OAuth 2 authorization flow. It is not my favorite part of the client though. We worked very closely with Facebook (I helped build some parts of the backend integration). I work at Spotify and was there when it was introduced (September 2011). There might be a few more companies that have the ability to use this login flow, but I don't know. Thinking about it differently, Facebook trusts this company enough to allow this. Nour is a Security Engineer at Spotify New York juggling her busy day job with completing her Masters in Cyber Security and looking after her 10-month-old daughter, Leya. It goes against and devalues the good policy of "Please don't enter your password anywhere else". Since the Facebook password is entered into a closed source client, there is no way for you to know for sure what happens without heavy reverse engineering and debugging of the client.

As you have noticed, Spotify is using a different Facebook login flow that is not listed anywhere in the official Facebook developer documentation.