the general idea is that you get the user to authorize your application, then use the tokens you get afterwards to login