It’s 2018, and it’s time we understand that SMS 2-factor authentication is not a good way to double-check the users’ credentials. It’s been shown many times that phone numbers can be compromised.
As per the request of many Beem users, I am implementing Last.fm track scrobbling. The first part of this task is to implement an API client for the Last.fm web service, and step one is user authentication. Last.fm is not using OAuth, but rather its own implementation of an authentication engine that relies on a composite MD5 secret.