you are doing it correctly because most of the logins require authentication and confirmation using a user login session. So your client has to go to authorise the connection.
Tell your client to consider it as one-time activity so he will feel less pain 