wavy / wavyfm-docs

wavy.fm developer documentation
https://wavy.fm/developers

Desktop authentication flow #9

Open aramperes opened 3 years ago

aramperes commented 3 years ago

Use-Case Description

Desktop auth flow is used for any non-browser-based application, such as desktop media players and Discord bots. It may also work for mobile apps, although there are more preferable flows for them.

Semantics

This can be inspired by the Last.fm Desktop Flow.

aramperes commented 3 years ago

Quoting from @th0mk

We've currently made the authentication flow (logging in through a personalized link without having to redirect to a website) for Last.fm the default login flow and we're seeing good results. I would personally also prefer this flow for Wavy.fm, since it allows authorized calls, is easy to use, prevents people linking the wrong accounts and would be future-proof with rate limiting etc.

As far as I know there are two ways of doing this.

The first one is how Last.fm does it and would also be our preferred flow:

1. Application requests an auth token and creates a link for a user to log in

2. User clicks on the link and allows the application access

3. The application can check if the user has allowed that specific token and if successful can get a session token for a user (only once)

4. Login success

Or:

1. Application has a static link for login

2. User clicks on the link and allows the application access

3. The website shows a key that the user has to manually input into the application

4. Login success
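The first flow in the quoted comment, sketched as an added example that is not part of the issue, of wavy.fm, or of Last.fm's API: an in-memory server that issues an unguessable auth token, records the user's approval, and hands out a session only once. The class, method names, `TOKEN_TTL` value and the binding of a token to the requesting application are assumptions made for illustration.

```python
import secrets
import time

TOKEN_TTL = 600  # seconds a pending auth token stays valid (assumed value)


class AuthServer:
    """Hypothetical in-memory server side of the token-based desktop flow."""
    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # auth token -> {"app", "user", "expires"}

    def request_token(self, app_id):
        # Step 1: the application asks for an unguessable auth token and
        # embeds it in the login link it shows to the user.
        token = secrets.token_urlsafe(32)
        self._pending[token] = {"app": app_id, "user": None,
                                "expires": self._now() + TOKEN_TTL}
        return token

    def approve(self, token, user):
        # Step 2: the logged-in user opens the link and allows access.
        entry = self._pending.get(token)
        if entry is None or entry["expires"] < self._now():
            return False
        entry["user"] = user
        return True

    def get_session(self, token, app_id):
        # Step 3: the application polls; a session is issued at most once.
        entry = self._pending.get(token)
        if entry is None:
            return None  # unknown token, or one that was already exchanged
        if entry["expires"] < self._now():
            del self._pending[token]
            return None
        if entry["app"] != app_id or entry["user"] is None:
            return None  # wrong application, or not approved yet
        del self._pending[token]  # single use: a replayed token gets nothing
        return {"user": entry["user"], "session_key": secrets.token_urlsafe(32)}


def demo():
    server = AuthServer()
    token = server.request_token("player-app")        # constructed app id
    before = server.get_session(token, "player-app")  # not approved yet
    server.approve(token, "alice")                    # constructed user
    first = server.get_session(token, "player-app")   # step 4: login success
    second = server.get_session(token, "player-app")  # replay is rejected
    return before, first["user"], second
```
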