I am writing a small extension for Firefox: a Last.fm scrobbler. The API documentation describes a strange and incomprehensible authorization method. You need to get a key and form the HTTP request from JavaScript. The documentation also mentions a callback URL, tokens and MD5 encryption. Perhaps for this you need to connect any frameworks. What I found in search engines is a bit wrong.

I would be grateful if someone would explain how it works, or give a link to resources where I can read about the issues that interest me, in English. Last.fm documentation

    1 answer

    The implementation can be found in the open-source FoxyScrobbler (scrobbler.js).

    For a Firefox extension, the API for "desktop" applications suits you better than the one for web applications that you linked to:

    • A web application by definition is something with a public URL that is open to the user in a browser. Therefore, the process looks like this:

      The web application redirects the user's browser to the last.fm authorization page, stating in the URL that the application requires authorization (?api_key=xxx).

      As a result of successful authorization, last.fm will direct the user's browser to the web application address, which is either the one you specify as a "callback URL" (?api_key=xxx&cb=http://example.com) or the URL specified during registration.

      The server part of your web application will receive a request for this callback URL (which, in particular, contains the token needed for further work with the last.fm API).

    • When authorizing for desktop applications, there is nowhere to return a user from the last.fm page (your application does not have a URL), so the API works in the reverse order:

      You first get a token (by calling auth.getToken on last.fm), then open the browser so that the user can confirm to last.fm that this token is authorized (?api_key=xxxxxxxxxxx&token=xxxxxxxx).

      After successful authorization, you can use it, similarly to the option for web applications.

    Actually, the token in this story is a one-time random identifier known to your application and last.fm. You need it in order to get another random identifier (session key) from last.fm, which you will use to call all other APIs.

    I do not understand what questions you have about MD5. Just in case: Imitation protection on Wikipedia (frankly, I did not know that it was called that).

    > Perhaps for this you need to connect any frameworks.

    Since last.fm's API is self-made, frameworks won't help you. The closest thing you can use is FoxyScrobbler, which I linked to above. There is also a library for node, but its section "Authentication for Desktop Applications" currently says (Coming soon), which is alarming ...
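The desktop flow described in the answer, as an added example that is not part of the original post and is not FoxyScrobbler's code. The endpoint URLs, the `auth.getSession` method and the `api_sig` signing rule follow Last.fm's public API documentation rather than this page; Node's built-in `crypto` module is assumed for MD5, and the key, secret and token are constructed sample values.

```javascript
// Added example: builds the three requests of the desktop flow; no network I/O.
const crypto = require("crypto"); // Node built-in (assumption); WebCrypto has no MD5

// Endpoints per Last.fm's public API documentation (not stated on this page).
const API_ROOT = "https://ws.audioscrobbler.com/2.0/";
const AUTH_PAGE = "https://www.last.fm/api/auth/";

// api_sig = md5(sorted name+value pairs + shared secret). The secret is only
// hashed, never sent, so last.fm can check that the request was not forged.
function signParams(params, secret) {
  const base = Object.keys(params)
    .filter((k) => !["format", "callback", "api_sig"].includes(k)) // not signed
    .sort()
    .map((k) => k + params[k])
    .join("");
  return crypto.createHash("md5").update(base + secret, "utf8").digest("hex");
}

function signedUrl(method, extra, apiKey, secret) {
  const params = { ...extra, method, api_key: apiKey };
  const query = new URLSearchParams({
    ...params,
    api_sig: signParams(params, secret),
    format: "json",
  });
  return API_ROOT + "?" + query.toString();
}

// Step 1: ask last.fm for a one-time token.
const tokenRequestUrl = (apiKey, secret) =>
  signedUrl("auth.getToken", {}, apiKey, secret);

// Step 2: page to open in the browser so the user approves that token.
const userAuthUrl = (apiKey, token) =>
  AUTH_PAGE + "?" + new URLSearchParams({ api_key: apiKey, token }).toString();

// Step 3: after approval, trade the token for the session key.
const sessionRequestUrl = (apiKey, secret, token) =>
  signedUrl("auth.getSession", { token }, apiKey, secret);

// Constructed sample values, not real credentials.
const KEY = "0123456789abcdef0123456789abcdef";
const SECRET = "fedcba9876543210fedcba9876543210";
console.log(tokenRequestUrl(KEY, SECRET));
console.log(userAuthUrl(KEY, "sample-token"));
console.log(sessionRequestUrl(KEY, SECRET, "sample-token"));
```

A secret shipped inside an extension can be read by anyone who unpacks it, so the signature only shows that a request came from some copy of the application.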