Hi, A user can always view the location of a page through the properties. Being able to view the URL in the location bar is useful, but is it strictly necessary?
Regards, Willem Jan -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Paul Osman Sent: Sunday, January 17, 2010 5:12 PM To: [email protected] Subject: Re: [oauth] Best Practice If the user cannot reliably see who is presenting the authorization-sign in window, they have no idea who they are giving their credentials to. This makes the whole point of delegated authorization moot, so I would consider it absolutely necessary to direct the user to a browser window where the location bar is visible. Cheers, Paul On 2010-01-17, at 10:17 AM, eco_bach wrote: > Hi > Building a Twitter application using OAuth. > I'd like to embed the Twitter OAuth authorization-sign in window > WITHIN my application. > > Is this considered a best practice, or is it always recommended to > send the user to a new browser window for the service provider(Twitter > in this case) authentication process? > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > > The information contained in this communication is confidential, intended solely for the use of the individual or entity to whom it is addressed and may be legally privileged and protected by professional secrecy. Access to this message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, or distribution of the message, or any action or omission taken by you in reliance on it is prohibited and may be unlawful. Please immediately contact the sender if you have received this message in error. This email does not constitute any commitment from Cordys Holding BV or any of its subsidiaries except when expressly agreed in a written agreement between the intended recipient and Cordys Holding BV or its subsidiaries. Cordys is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. Cordys does not guarantee that the integrity of this communication has been maintained nor that the communication is free of viruses, interceptions or interference. If you are not the intended recipient of this communication please return the communication to the sender and delete and destroy all copies.
-- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
