I'm starting to look at the OAuth process and had a question for the OAuth folks at Twitter.
My application BigTweet is invoked via a bookmarklet and displays as an IFRAME on any web page that a Twitter user happens to be browsing. Ideally I would like to be able to complete the entire OAuth process within the IFRAME (for initial login). I believe that Twitter recently added measures to prevent framing of their site to stop phishing attacks. Does this extend to the OAuth approval page? Could an exception be made for the OAuth page when invoked from a registered application presenting a valid Request Token? If so, could this be documented (perhaps in the OAuth Twitter FAQ)? The authorization page at Twitter appears to have a fairly small content section (with Deny/Allow buttons, etc), which could fit into a reasonably sized IFRAME. If you are agreeable to allow IFRAME support, would it be possible to standardize on content dimensions (for IFRAME sizing) and document this as well? Thanks for considering my request. Scott http://twitter.com/scott_carter
