User:Anomie/SessionManager and AuthManager will deprecate the current (non-bot-password) login API (and possibly break it, depending on what authentication extensions are installed) and remove the current account creation API.
action=clientlogin seems like an awful amount of work to implement in the client. Why couldn't we just have a HTML-based system where we can drop a web browser control in our app, point it to a specific page, and listen for some kind of event or specific page access to confirm a successful login?
Because not all clients can just drop in a web browser control. If you can do that, can you just drop Special:UserLogin into your web browser control, with returnto and returntoquery set to something appropriate?
Sure, I'm not saying that clientlogin is a bad thing :) I just am wondering if there is an easier way that saves having to implement what is potentially quite a complex and time-consuming bit of code on the client side.
I'll have a play around with Anomie's idea and see if it works out.