Forslag / Bug Platform

When the user logs into their Microsoft account on the LabyMod Launcher, they need to enter their credentials (and 2FA code). However the launcher often asks for a relogin, and it doesn't remember the session, which is annoying.

This could be fixed by using the default system browser for logging in instead of the launcher's own WebView. It would be a lot more convenient because:

• external browsers can remember the session, in which case the user doesn't need to enter any credentials
• external browsers have a built-in password manager
• external browsers can have password manager extensions

It could be implemented in two ways: either with the authorization code flow, or the device code flow.

• Authorization code flow:

  • The launcher starts a web server
  • It opens the Microsoft login address on the system browser
  • The user logs in
  • Microsoft redirects the user to the address of the launcher's web server (localhost) with the auth code
  • The web server handles the request and uses the auth code to get a token, then uses it for logging in

• Device code flow:

  • The launcher requests a device code from Microsoft
  • It shows the device code to the user and tells them to open the verification url (https://www.microsoft.com/link)
  • The launcher starts polling the token endpoint
  • The user logs in with the device code
  • The launcher gets the token and uses it for logging in

These flows can either be implemented manually, or with the Microsoft Authentication Library