On Tue, Apr 28, 2009 at 2:17 AM, Jonathan Matthew <jonat...@d14n.org> wrote: > > On Mon, Apr 27, 2009 at 08:43:24AM -0400, Matt Novenstern wrote: >> Hi all, >> >> I'm sitting down to update RB to last.fm's new authentication scheme, >> one step of which involves requiring the user to give the program >> permission by logging in through a web page. So, I can either >> >> a) Launch an external browser to log in in, or >> >> b) Try and put a browser somewhere in RB's UI > > I'm not really sure what the intent of this step is, exactly, but I'm guessing > the point is to ensure the user agrees to let the app access their last.fm > account in > a way that the app can't fake or trick the user into accepting. If we try to > do that > with an embedded browser, it looks like we're cheating. I think it'd be much > better to > use the user's default web browser to do this. Much easier too.
That sounds like what Last.fm expect you to do: http://www.last.fm/api/authspec i.e. This password prompt in a browser is a one off operation, so embedding a browser in RB just for this is overkill. KISS? Once validated, there is a one hour window to use the token, and if done, the registration is indefinite. However, you would need to test the case where the use logs into their last.fm account to revoke RB's access. You could also try and use the "Authentication For Mobile Applications" which looks much more straight forward as you can directly supply an md5 of their username and password. Of course, last.fm don't want desktop applications to do this. Peter _______________________________________________ rhythmbox-devel mailing list rhythmbox-devel@gnome.org http://mail.gnome.org/mailman/listinfo/rhythmbox-devel
