You can certainly post a feature request:
http://code.google.com/p/gdata-issues/issues/list
The benefit of Auth/OAuth is that it reassures user's
that they're enteringtheir credentials with Google, rather
than sharing them with a 3rd-party (and possibly untrusted) website.
The protocol involves redirects for the following reasons:
1.) prevent phising ("well, the login box looked like a Google page!")
2.) allows the user to switch which account they log in to before
approving access
3.) Each service (Health, Calendar, Gmail, etc.) share a common
infrastructure for the Google Accounts Login. If users all of a
sudden start seeing a different look and feel, they may be scared away
from
3rd party sites.
My $0.02,
Eric
On Nov 20, 7:38 am, th55 <[EMAIL PROTECTED]> wrote:
> Our application is permeated with the Ajax suntanning look and we try
> to keep the UI consistent. Our landing page has links to register
> with Google Health, and go to Google Health as per the Google
> guidelines. Since we conform to the guidelines, and provide a means
> to register, Google should just provide a simple login page with
> username, password and submit button. After all, when third parties
> like us link to Google, we don't need all the fluff on the Google
> login page thats intended for general web use. Third parties should
> have a lean login page. Why should we provide a link to register with
> Google Health if that registration link is also going to show up on
> the login page anyway? Why have the guidelines then? A cleaned up
> login page would appear in the IFrame without all the other stuff
> currently on the Google login page. The 2nd page (authorization and
> profile selection) would also be cleaned up to remove any unrequired
> links/wording.
>
> Since Google is expecting third parties to have users login and
> authorize, we should get special pages intended for third parties, not
> the general public use login web pages.
>
> So, how about Google providing us with minimal login/authorize pages?
> Tha't not a big effort. That way IFrames could be used since the
> Google pages would be well behaved. Just post a new url for third
> party applications for initial login on link.
>
> On Nov 19, 3:15 pm, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > Hi th55,
>
> > Some of those pages (create new account, Gmail, etc.) have
> > frame busting code to prevent iFrames. If you're worried about
> > users clicking those links, I wouldn't iFrame the AuthSub flow.
> > Note, most of the time users will already be logged in to Google
> > so they'll never receive the Google Login page.
>
> > While iframing the AuthSub experience _will_ work, is there a reason
> > you need to do so? Could you just fetch the token with normal
> > browser redirects and use AJAX magic after the linking has alread
> > been established?
>
> > Eric
>
> > On Nov 19, 4:40 am, th55 <[EMAIL PROTECTED]> wrote:
>
> > > Our application uses an IFrame with screen tanned css background
> > > (typical Ajax these days) to present the import/export functionality
> > > to Google Health to our users. This includes the "Link to Google
> > > Health" which does the authorization token work. On initial link ,
> > > the Google login page appears in the IFrame and is well behaved. The
> > > login page and the 2nd profile authorization page appear in the IFrame
> > > and both are well behaved. Now, in the past, if my memory serves me
> > > correctly, clicking one of the many other links in that login page
> > > still caused the resulting page to render within in the confines of
> > > the IFrame and be well behaved. That is, if I clicked a link such as
> > > "Gmail", "Web history" or "Create an account now", the rendering
> > > appeared within the confines of the IFrame. However, when I tested
> > > those other links again the other day, when I clicked "Create an
> > > account now", the Google page took over the whole browser window and I
> > > lost my application page entirely. It blew away my page, IFrame and
> > > all. I dont' think it used to do that. Has something changed on the
> > > Google side? Can Google make those other links stop taking over the
> > > whole browser window on rendering?- Hide quoted text -
>
> > - Show quoted text -
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Health Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/googlehealthdevelopers?hl=en
-~----------~----~----~----~------~----~------~--~---
