Ok, if we added some text saying 'Login with Facebook' to our login form and then did the above it would be exactly what Spotify are doing. And still illegal.

Spotify aren't "logging into the users account" as suggested, the user is signing in with their fb details and by adding an app to their account fb reactivates their account. The issue here is only one of poor communication, not of illegal account access. Saying otherwise is disingenuous.