Popup flow

jDavid jdavid.net at gmail.com
Wed Sep 23 04:14:57 UTC 2009


++Javascript++

Most browsers that have popup blockers (the ones that I have seen)
will test to see if the window.open() call has been made with a user
event in the call stack (like a mouse move, click, down, or up).
So, no, you should not have to worry about popup blockers, unless you
are auto popping up the OpenID login window.

Any other JS questions?

On Tue, Sep 22, 2009 at 7:54 PM, Chris Messina <chris.messina at gmail.com> wrote:
> I just discovered that AOL's new lifestreaming service
> (http://lifestream.aim.com/) does a pretty neat trick with their popup UI
> for Twitter's OAuth experience. Check it out:
> http://flic.kr/p/71L1qq
> Note the tooltip in the dimmed parent window: "If this overlay remains after
> you have cancelled authenticating a service, click here to close it!".
> Chris
>
> On Mon, Sep 21, 2009 at 5:50 PM, Allen Tom <atom at yahoo-inc.com> wrote:
>>
>> Hi Darren,
>>
>> I am not aware of any OAuth SPs which condone having their Login/Approval
>> pages framed by a 3rd party website.  If the site embeds the SP's Login
>> screen, the user has no way of telling if they're being phished.
>>
>> The OpenID Popup Extension requires the RP to open the popup window with
>> the Address Bar clearly displayed, and explicitly forbids the OP's
>> Login/Approval screen from being framed. Given that the address bar is
>> displayed, the security properties of the popup window are identical to the
>> browser redirect.
>>
>> Allen
>>
>> Darren Bounds wrote:
>>>
>>> I find it curious that these compromises have been embraced by the
>>> OAuth community to support a greater UX but they are not being
>>> embraced by OpenID. After all, isn't an iPhone UIWebView control just
>>> a different type of iFrame? You're still trusting the parent application
>>> not to do something malicious.
>>>
>>
>> _______________________________________________
>> user-experience mailing list
>> user-experience at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-user-experience
>
>
>
> --
> Chris Messina
> Open Web Advocate
>
> Personal: http://factoryjoe.com
> Follow me on Twitter: http://twitter.com/chrismessina
>
> Citizen Agency: http://citizenagency.com
> Diso Project: http://diso-project.org
> OpenID Foundation: http://openid.net
>
> This email is:   [ ] shareable    [X] ask first   [ ] private
>



-- 
Justin Kruger -- Sr. Social Media Software Engineer -

http://jDavid.net
http://twitter.com/jdavid

http://www.linkedin.com/in/jdavid

jDavid.net at gmail.com

Anton Freeman: Vincent! How are you doing this Vincent? How have you
done any of this? We have to go back.
Vincent: It's too late for that. We're closer to the other side.
Anton Freeman: What other side? You wanna drown us both?
Vincent: You wanna know how I did it? This is how I did it Anton. I
never saved anything for the swim back.
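
The two points raised in this thread, as an added example that is not part of any poster's message: an RP opens the OP popup from inside a click handler with the address bar requested, falling back to a full-page redirect if the call is blocked, and the OP's Login/Approval page refuses to display when framed. The function names, the element id and the op.example URL are assumptions.

```javascript
// Added example; all names here are hypothetical. `win` is the browser's
// window object, passed in so the logic can be exercised with a stand-in.

// RP side: call directly from a click handler so window.open() runs with a
// user event on the call stack.
function openLoginPopup(win, opUrl) {
  // Ask for the address bar so the user can see which site wants credentials.
  const features = "width=500,height=600,location=yes,status=yes,resizable=yes";
  const popup = win.open(opUrl, "openid_popup", features);
  if (!popup || popup.closed) {
    // No usable window came back (for example, the call was blocked):
    // fall back to the ordinary browser redirect.
    win.location.assign(opUrl);
    return "redirect";
  }
  popup.focus();
  return "popup";
}

// OP side: run on the Login/Approval page. Hides the page and returns true
// when it has been loaded inside a frame instead of a top-level window.
function refuseIfFramed(win) {
  const framed = win.top !== win.self;
  if (framed) {
    win.document.documentElement.style.display = "none";
  }
  return framed;
}

// Browser wiring; skipped when no DOM is present. The element id is assumed.
if (typeof document !== "undefined") {
  const button = document.getElementById("openid-login");
  if (button) {
    button.addEventListener("click", function () {
      openLoginPopup(window, "https://op.example/auth");
    });
  }
}
```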

