When using OAuth login, the dependencies are api.twitter.com and twimg.com. If the user enters invalid credentials, the “Invalid credentials” page is sourced from http://twitter.com.
Is it possible to move that process to api.twitter.com so we don’t have to whitelist ALL of twitter.com just to allow social login?
The specific use case here is captive portal login for wireless.
I don’t think that’s possible.