[OpenID] FB Connect, OpenID and UX
Allen Tom
atom at yahoo-inc.com
Mon Dec 15 20:22:25 UTC 2008
Luke Shepard wrote:
>
>
> For Facebook Connect, the user's credentials aren't ever entered into
> an iframe. If the user is not logged into Facebook, then they will get
> a normal browser popup. I believe browser popups are supported by
> OpenID as well:
>
>
There is no safe way to ask for the user's credentials inline in an
iframe/lightbox, however, a popup is a good compromise. Unfortunately,
there is no standard way in OpenID for the RP to send the authentication
request to the OP in a popup.
The Connect popup could be improved a bit by using HTTPS, and perhaps
setting the hostname to something a bit shorter and more recognizable,
like https://login.facebook.com
Allen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081215/866c25b2/attachment-0002.htm>
More information about the general
mailing list