We'd like to perform the OAuth login in an IFRAME, but Twitter redirects the window.top to the page if it detects that it's IFRAME'd. Is there a reason why we *must* show a window.open()?
The reason why this is an issue is because the window.open() approach is not modal, i.e. we cannot force the pop-up in focus. This becomes a real usability issue for the users who, say, accidentally, clicks back into the opener window and doesn't realize that there's another window open that they cannot get to now without Alt+Tab or finding it in the taskbar (assuming the user's even using Windows).