[OpenID] Auth Request display param question
Steve Repetti
steve at radwebtech.com
Wed Mar 2 22:45:52 UTC 2016
The “popup” implementation was one of the original methods that JanRain used for integration. Not sure its relevance beyond that today.
--Steve R.
From: general [mailto:openid-general-bounces at lists.openid.net] On Behalf Of John Bradley
Sent: Wednesday, March 2, 2016 5:37 PM
To: Cal Heldenbrand <cal at fbsdata.com>
Cc: openid-general at lists.openid.net
Subject: Re: [OpenID] Auth Request display param question
I recall it was a early requirement from Facebook and JainRain.
There was a popup extension for openID 2.
http://svn.openid.net/repos/specifications/user_interface/1.0/trunk/openid-user-interface-extension-1_0.html
I suspect that anyone using the popup extension from openid 2 kept using the popup dimensions.
On looking at the parameter in the Connect Core specification it is underspecified on it’s own.
JainRain and some others were using it. I don’t know if there has been any real demand for it in Connect.
That is probably why no one has pointed it out prior to this.
It should be fleshed out in a profile.
John B.
On Mar 2, 2016, at 7:17 PM, Cal Heldenbrand <cal at fbsdata.com <mailto:cal at fbsdata.com> > wrote:
Hmm, yeah you're right, now that I think about it. There is no way to window.open() a popup from the Provider without nuking the browser's current window. If your main authentication page is a responsive view, then the display parameter probably doesn't matter. But maybe it's for those that might want to have a stateful knowledge before rendering the DOM that it's going to be a small view?
---------------------------------------------------------------
Cal Heldenbrand
Web Operations at FBS
Creators of flexmls <http://flexmls.com/> ® and Spark Platform <http://sparkplatform.com/>
cal at fbsdata.com <mailto:cal at fbsdata.com>
On Wed, Mar 2, 2016 at 3:09 PM, Paul Hethmon <paul.hethmon at clareitysecurity.com <mailto:paul.hethmon at clareitysecurity.com> > wrote:
So I can see that, but that would require the RP to create that pop-up window, not the OP.
At the end of the day, if they reach my OP, they’ll get my login screen in a browser window (with prompt=popup), which still qualifies as meeting specification since its a SHOULD. But I hate not understanding the meaning or use case.
Paul
On Mar 2, 2016, at 4:04 PM, Cal Heldenbrand <cal at fbsdata.com <mailto:cal at fbsdata.com> > wrote:
I believe that's for an AJAX request in a popup window. (or maybe a modal dialog?)
---------------------------------------------------------------
Cal Heldenbrand
Web Operations at FBS
Creators of flexmls <http://flexmls.com/> ® and Spark Platform <http://sparkplatform.com/>
cal at fbsdata.com <mailto:cal at fbsdata.com>
On Wed, Mar 2, 2016 at 2:48 PM, Paul Hethmon <paul.hethmon at clareitysecurity.com <mailto:paul.hethmon at clareitysecurity.com> > wrote:
In section 3.1.2.1 of Core, it details the 4 options for the “display” parameter. While the 4 options are clear enough, I don’t get the intent of having “page” vs “popup”. If the client has been redirected to the OP for authentication, there’s a full browser window sitting there, so why ask the OP to popup something over that? I haven’t found any archived discussion or blogs on the subject and feel I must totally be missing the point here.
Discussion here or a pointer to something is greatly appreciated.
thanks,
Paul
-----
Paul Hethmon
Chief Software Architect
paul.hethmon at clareitysecurity.com <mailto:paul.hethmon at clareitysecurity.com>
_______________________________________________
general mailing list
general at lists.openid.net <mailto:general at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-general
-----
Paul Hethmon
Chief Software Architect
paul.hethmon at clareitysecurity.com <mailto:paul.hethmon at clareitysecurity.com>
_______________________________________________
general mailing list
general at lists.openid.net <mailto:general at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20160302/d2fc6fa4/attachment.html>
More information about the general
mailing list