[OpenID] popup protocol UX? Re: FB Connect, OpenID and UX
Allen Tom
atom at yahoo-inc.com
Mon Dec 15 23:50:44 UTC 2008
Dirk Balfanz wrote:
>
>
> Actually, I take that back - within the last week the behavior has
> apparently been unified to always pop up a browser window.
>
The approval screen can show up in a lightbox if the user is already
signed into FB. Not sure if this matters, but a malicious 3rd party site
can probably auto-approve itself using clickjacking gymnastics to click
on the connect button.
Allen
More information about the general
mailing list