Can you allow the oauth authorize page to open in an iframe?


#1

My site uses simplemodal with an iframe for sharing options. If a user tries to share using twitter and has not yet authorized my app, then I would like to open the authorization page (http://twitter.com/oauth/authorize) within the iframe.

After hours of troubleshooting a blank page in the iframe, I read that twitter does not support iframes. I’m currently working around by opening the oath page in a new window, which then closes on redirect, but it feels much more clunky.

Is there a security risk in having the oath page load in an iframe?

Thanks!


#2

People can’t see the address bar so they can’t see whether you are a phishing website or the real deal.

Tom