As #116 points out we shouldn't be storing passwords in plain text. Since libspotify can give us an auth blob as a token to use to stay signed in without re-requesting the password be should look into adding this an alternative to storing the plain text password.
The flow if added would be to prompt the user for the missing credentials and then store the auth blob for use next time we log in. If the blob has expired we will of course need to log in again.
How do we combine a user prompt with daemonization and startup of Mopidy from init files?
If we don't support it we have the remember me feature simply be an opt in setting that needs to be set instead of password and warn people that it can not be combined with a truly headless mopidy.
We could also have a mopidy-auth job that acts as client for setting up these auth things interactively and either stores them to disc or sends them to core via a frontend.
Other option is that we abuse the MPD protocol using it's log in feature to get the spotify password. Problem with this is that we would only be able to get a single password so if we wan't to do the same for say scrobbling we are screwed.
However, if we add this at all I would say we go for option one to keep this simple.
i could integrate it in the webclient, but that's of no use to mpd-users. Or it could be configured via e.g. the deb-package?
For starters, for people who have enabled two-factor authentication, you will need to login first with your Facebook e-mail + password, and then use the SMS token after - a bit tedious.
On IRC I was directed to this which would seem to improve the situation greatly for me: https://www.spotify.com/dk/account/set-device-password/
Transferred to mopidy-spotify repo.