Agreed. It's very important the user be given at least two pieces of
information:
* the URL where they're entering their password
* whether the connection is secure (ie using SSL)
Since you could spoof this information in your app, it's generally a
good idea to hand off to the local browser, where the user can
leverage their current active session or any password mgmt tool.
Chris
Sent from my iPhone 2G
On Jan 17, 2010, at 8:12, Paul Osman <[email protected]> wrote:
If the user cannot reliably see who is presenting the authorization-
sign in window, they have no idea who they are giving their
credentials to. This makes the whole point of delegated
authorization moot, so I would consider it absolutely necessary to
direct the user to a browser window where the location bar is visible.
Cheers,
Paul
On 2010-01-17, at 10:17 AM, eco_bach wrote:
Hi
Building a Twitter application using OAuth.
I'd like to embed the Twitter OAuth authorization-sign in window
WITHIN my application.
Is this considered a best practice, or is it always recommended to
send the user to a new browser window for the service provider
(Twitter
in this case) authentication process?
--
You received this message because you are subscribed to the Google
Groups "OAuth" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected]
.
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
.
--
You received this message because you are subscribed to the Google
Groups "OAuth" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected]
.
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
.
--
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/oauth?hl=en.
