Re: [Rhythmbox-devel] Updating to the new last.fm API
- From: Peter <rhythmbox-devel maubp freeserve co uk>
- To: Jonathan Matthew <jonathan d14n org>
- Cc: rhythmbox-devel gnome org
- Subject: Re: [Rhythmbox-devel] Updating to the new last.fm API
- Date: Tue, 28 Apr 2009 09:46:49 +0100
On Tue, Apr 28, 2009 at 2:17 AM, Jonathan Matthew <jonathan d14n org> wrote:
>
> On Mon, Apr 27, 2009 at 08:43:24AM -0400, Matt Novenstern wrote:
>> Hi all,
>>
>> I'm sitting down to update RB to last.fm's new authentication scheme,
>> one step of which involves requiring the user to give the program
>> permission by logging in through a web page. So, I can either
>>
>> a) Launch an external browser to log in in, or
>>
>> b) Try and put a browser somewhere in RB's UI
>
> I'm not really sure what the intent of this step is, exactly, but I'm guessing
> the point is to ensure the user agrees to let the app access their last.fm account in
> a way that the app can't fake or trick the user into accepting. If we try to do that
> with an embedded browser, it looks like we're cheating. I think it'd be much better to
> use the user's default web browser to do this. Much easier too.
That sounds like what Last.fm expect you to do:
http://www.last.fm/api/authspec
i.e. This password prompt in a browser is a one off operation, so
embedding a browser in RB just for this is overkill. KISS?
Once validated, there is a one hour window to use the token, and if
done, the registration is indefinite. However, you would need to test
the case where the use logs into their last.fm account to revoke RB's
access.
You could also try and use the "Authentication For Mobile
Applications" which looks much more straight forward as you can
directly supply an md5 of their username and password. Of course,
last.fm don't want desktop applications to do this.
Peter
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
