If the user cannot reliably see who is presenting the authorization-sign in window, they have no idea who they are giving their credentials to. This makes the whole point of delegated authorization moot, so I would consider it absolutely necessary to direct the user to a browser window where the location bar is visible.
Cheers, Paul On 2010-01-17, at 10:17 AM, eco_bach wrote: > Hi > Building a Twitter application using OAuth. > I'd like to embed the Twitter OAuth authorization-sign in window > WITHIN my application. > > Is this considered a best practice, or is it always recommended to > send the user to a new browser window for the service provider(Twitter > in this case) authentication process? > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > >
-- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
