[OpenID] popup protocol UX? Re: FB Connect, OpenID and UX
Allen Tom
atom at yahoo-inc.com
Tue Dec 16 03:38:37 UTC 2008
Allen Tom wrote:
> The approval screen can show up in a lightbox if the user is already
> signed into FB. Not sure if this matters, but a malicious 3rd party site
> can probably auto-approve itself using clickjacking gymnastics to click
> on the connect button.
>
The approval screen now appears to always be in a popup, even if the
user is already signed into FB. I could have sworn it was in a lightbox
the last time I looked. At any rate, having the user authenticate and
approve access in a popup seems to be an improvement over the existing
OpenID and OAuth implementations that are currently in the wild.
Allen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081215/c8b28635/attachment-0002.htm>
More information about the general
mailing list