tags:

views:

726

answers:

3
+2  Q: 

Twitter OAuth via a popup

I was wondering how to do twitter OAuth via a popup, i.e. load up the Oauth page in a popup and make the callback close the child window and reload the parent window.

Edit: OK iframes are bad, but how would you accomplish the above, I notice posterous.com does this - I'm looking to achieve the same flow as FB connect.

+1  A: 

You shouldn't do this. Loading it in an IFrame hides the URL from the user, making it difficult for them to confirm that they're entering their password on twitter.com and not a third-party (i.e. phishing) site.

Jordan  2009-12-10 04:07:33
I agree in principle, but doesn't the auth page only have allow || deny this application buttons - it doesn't ask you for your password. So I can't see why it should be a problem from a security perspective, while helping the UX flow.
MatthewFord  2009-12-10 04:18:34
If you're not logged in it asks you for your password.
Jordan  2009-12-10 13:48:04
There is iframe busting JS on the non-logged in page where it asks you for your password (line 37)
MatthewFord  2009-12-10 14:23:07
+2  A: 

This maybe helpful!

http://zuzara.com/blog/2010/05/15/jquery-plugin-for-twitter-oauth-via-popup-window-facebook-style/

NikM  2010-08-30 15:41:47
If you're developing on Windows you can find the pecl oauth dll at http://downloads.php.net/pierre/
Mark Flint  2010-09-15 13:43:39
+1  A: 

Doing the same thing for Yahoo today...

  1. Open a popup
  2. Send user to twitter for authentication
  3. Twitter sends user back to mysite.com/authcompleted.php, with authentication parameters in the query string. Still in the popup here.

  4. The popup (mysite.com/authcompleted.html) reads the query string and sends the data to the opener window via javascript

    window.opener.setTwitterAuthData(yourData)

  5. Inside setTwitterAuthData, which is in your main window, set appropriate form fields and submit the data to your server.

morgancodes  2010-08-30 15:57:25
how can you still be in the popup, point 3., when the callback is mysite.com/authcompleted.php?
Mark Flint  2010-09-15 08:47:01
@mark You point the popup to yahoo to begin with, then yahoo redirects, still inside the popup, to authcompleted.php
morgancodes  2010-09-15 18:31:46
thanks, makes sense
Mark Flint  2010-09-15 19:07:26

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript