by prezjordan 1829 days ago
Not a dumb question, very much appreciate you keeping an eye out for your password security. It uses an OAuth flow so you're actually entering your credentials on accounts.spotify.com (Spotify-owned) and then Spotify gives this developer a token (rather than a username+password) to access your data (usually a very limited subset of data outlined on the login page).
2 comments

Oh I see, makes sense! Thanks for the answer - very much appreciated!
Any idea why it uses ngrok when I go to the sign in flow? Chrome is saying the connection is insecure.
He's probably just using ngrok as a server and the SSL cert on that ngrok process probs isn't verified by a CA. Just a guess tho