There might be a few more companies that have the ability to use this login flow, but I don't know. Thinking about differently, Facebook trusts this company enough to allow this. It goes against and devalues the good policy of 'Please don't enter your password anywhere else'.
Since the Facebook password is entered into a closed source client, there is no way for you to know for sure what happens without heavy reverse engineering and debugging of the client. As you have noticed, Spotify is using a different Facebook login flow that is not listed anywhere in the official Facebook developer documentation.
