hi. i think this is one of the general frustrations with oauth - the whole idea is that the customer would see that the URL bar has a secure twitter.comURL. i'm not sure how you would demonstrate that if in an iframe.
On Tue, Dec 22, 2009 at 12:48 PM, jxdavis <jxda...@godaddy.com> wrote: > We'd like to perform the OAuth login in an IFRAME, but Twitter > redirects the window.top to the page if it detects that it's IFRAME'd. > Is there a reason why we *must* show a window.open()? > > The reason why this is an issue is because the window.open() approach > is not modal, i.e. we cannot force the pop-up in focus. This becomes a > real usability issue for the users who, say, accidentally, clicks back > into the opener window and doesn't realize that there's another window > open that they cannot get to now without Alt+Tab or finding it in the > taskbar (assuming the user's even using Windows). > -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi