Authorization page sends request to send a push notification
Heavily rate-limit this endpoint to prevent abuse
Should only be available if there is a push notification endpoint on file (Kittybox Companion for Android should implement this)
Use UnifiedPush to send a push notification to a device already logged in
Device shows an authentication prompt
Should contain all data related to this authorization
No validation should be necessary: all data was already validated by the authorization endpoint and is trusted
If accepted, device pings the Authorization Endpoint with an OAuth2 token scoped to kittybox:authenticate_other_devices (scope name subject to bikeshedding)
Authorization page long-polls (or receives by other means) the result and sends the authorization code to the redirect URI