Re: [Rhythmbox-devel] Updating to the new API

On Tue, Apr 28, 2009 at 2:17 AM, Jonathan Matthew <jonathan d14n org> wrote:
> On Mon, Apr 27, 2009 at 08:43:24AM -0400, Matt Novenstern wrote:
>> Hi all,
>>       I'm sitting down to update RB to's new authentication scheme,
>> one step of which involves requiring the user to give the program
>> permission by logging in through a web page.  So, I can either
>> a) Launch an external browser to log in in, or
>> b) Try and put a browser somewhere in RB's UI
> I'm not really sure what the intent of this step is, exactly, but I'm guessing
> the point is to ensure the user agrees to let the app access their account in
> a way that the app can't fake or trick the user into accepting.  If we try to do that
> with an embedded browser, it looks like we're cheating.  I think it'd be much better to
> use the user's default web browser to do this.  Much easier too.

That sounds like what expect you to do:

i.e. This password prompt in a browser is a one off operation, so
embedding a browser in RB just for this is overkill.  KISS?

Once validated, there is a one hour window to use the token, and if
done, the registration is indefinite.  However, you would need to test
the case where the use logs into their account to revoke RB's

You could also try and use the "Authentication For Mobile
Applications" which looks much more straight forward as you can
directly supply an md5 of their username and password.  Of course, don't want desktop applications to do this.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]