We have thousands of usernames and passwords for users on our services. If we then tried using these to log into our users facebook accounts in order to install an app of ours we'd be rightly prosecuted. Yet this is exactly what Spotify are doing.
Ok, if we added some text saying 'Login with Facebook' to our login form and then did the above it would be exactly what Spotify are doing. And still illegal.
Spotify aren't "logging into the users account" as suggested, the user is signing in with their fb details and by adding an app to their account fb reactivates their account. The issue here is only one of poor communication, not of illegal account access. Saying otherwise is disingenuous.
We have thousands of usernames and passwords for users on our services. If we then tried using these to log into our users facebook accounts in order to install an app of ours we'd be rightly prosecuted. Yet this is exactly what Spotify are doing.