[OpenID] Auth Request display param question

John Bradley ve7jtb at ve7jtb.com
Wed Mar 2 22:37:29 UTC 2016 

I recall it was a early requirement from Facebook and JainRain.

There was a popup extension for openID 2.
http://svn.openid.net/repos/specifications/user_interface/1.0/trunk/openid-user-interface-extension-1_0.html <http://svn.openid.net/repos/specifications/user_interface/1.0/trunk/openid-user-interface-extension-1_0.html>

I suspect that anyone using the popup extension from openid 2 kept using the popup dimensions.

On looking at the parameter  in the Connect Core specification it is underspecified on it’s own.

JainRain and some others were using it.  I don’t know if there has been any real demand for it in Connect. 
That is probably why no one has pointed it out prior to this.

It should be fleshed out in a profile.

John B.

> On Mar 2, 2016, at 7:17 PM, Cal Heldenbrand <cal at fbsdata.com> wrote:
> 
> Hmm, yeah you're right, now that I think about it.  There is no way to window.open() a popup from the Provider without nuking the browser's current window.  If your main authentication page is a responsive view, then the display parameter probably doesn't matter.  But maybe it's for those that might want to have a stateful knowledge before rendering the DOM that it's going to be a small view?
> 
> 
> ---------------------------------------------------------------
> Cal Heldenbrand
>    Web Operations at FBS
>    Creators of flexmls <http://flexmls.com/>® and Spark Platform <http://sparkplatform.com/>
>    cal at fbsdata.com <mailto:cal at fbsdata.com>
> On Wed, Mar 2, 2016 at 3:09 PM, Paul Hethmon <paul.hethmon at clareitysecurity.com <mailto:paul.hethmon at clareitysecurity.com>> wrote:
> So I can see that, but that would require the RP to create that pop-up window, not the OP.
> 
> At the end of the day, if they reach my OP, they’ll get my login screen in a browser window (with prompt=popup), which still qualifies as meeting specification since its a SHOULD. But I hate not understanding the meaning or use case.
> 
> Paul
> 
>> On Mar 2, 2016, at 4:04 PM, Cal Heldenbrand <cal at fbsdata.com <mailto:cal at fbsdata.com>> wrote:
>> 
>> I believe that's for an AJAX request in a popup window.  (or maybe a modal dialog?)  
>> 
>> 
>> ---------------------------------------------------------------
>> Cal Heldenbrand
>>    Web Operations at FBS
>>    Creators of flexmls <http://flexmls.com/>® and Spark Platform <http://sparkplatform.com/>
>>    cal at fbsdata.com <mailto:cal at fbsdata.com>
>> On Wed, Mar 2, 2016 at 2:48 PM, Paul Hethmon <paul.hethmon at clareitysecurity.com <mailto:paul.hethmon at clareitysecurity.com>> wrote:
>> In section 3.1.2.1 of Core, it details the 4 options for the “display” parameter. While the 4 options are clear enough, I don’t get the intent of having “page” vs “popup”. If the client has been redirected to the OP for authentication, there’s a full browser window sitting there, so why ask the OP to popup something over that? I haven’t found any archived discussion or blogs on the subject and feel I must totally be missing the point here.
>> 
>> Discussion here or a pointer to something is greatly appreciated.
>> 
>> thanks,
>> 
>> Paul
>> 
>> -----
>> Paul Hethmon
>> Chief Software Architect
>> paul.hethmon at clareitysecurity.com <mailto:paul.hethmon at clareitysecurity.com>
>> 
>> 
>> _______________________________________________
>> general mailing list
>> general at lists.openid.net <mailto:general at lists.openid.net>
>> http://lists.openid.net/mailman/listinfo/openid-general <http://lists.openid.net/mailman/listinfo/openid-general>
>> 
> 
> -----
> Paul Hethmon
> Chief Software Architect
> paul.hethmon at clareitysecurity.com <mailto:paul.hethmon at clareitysecurity.com>
> 
> 
> 
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20160302/c92a6851/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4326 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20160302/c92a6851/attachment.p7s>

More information about the general mailing list