Open ChrisBrandhorst opened 11 years ago
Hmm. Interesting one this. I am not sure. My app does remember the credentials. Ideally it could (and should) use the data protection API, but currently it doesn't. It's not a big deal to put the burden of storage on the application, which can then understand its own need for multi-account usage etc.
In addition there is the issue of the Spotify key. In a commercial binary application, this would be built-in. It is trickier to know what to do to be "correct" in an open source project. For SpotiFire, Aleksander has chosen to publish his key. For mine (the Spotify project of my brianavid/Avid.Net4G repository) I have taken a more careful interpretation of the Spotify developer agreement and omitted the key from my published source, requiring it to be loaded from an external key file.
Any opinions as to what we should do? We don't want our keys to be revoked by Spotify because they may have been abused elsewhere
Brian.
The key is a problem, but that's outside the scope of this issue. To resolve this issue, a couple of extension methods should be made for session. One for login + store, another for re-login.
Added blob-credentials login to Session
in dff6bd2b3fcb0cef33e03f82e8104db6ab8b1437. Nothing yet for actually remembering the credentials, but the CredentialsBlobUpdated
callback is already present so you can hook into this process.
The Spotify library leaves all the saving of usernames and credentials up to the implementing application. It would be nice if SpotiFire can provide an API which takes care of this, or, in any case, eases the workflow for the implementing application.