Oddbean new post about | logout
 Oh that's an interesting idea of using extension key as app key... need to think it through.

Meanwhile, if they're gonna use just one app, they could try to log in as your main key on their device, you would confirm on main device, add needed permissions (manually or on request) and then they'd just keep using it? If they'd need to re-login you'd have to confirm again, but once the session is created they should be able to use it just fine?