Javascript 通过弹出窗口的 Twitter OAuth
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1878529/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Twitter OAuth via a popup
提问by MatthewFord
I was wondering how to do twitter OAuth via a popup, i.e. load up the Oauth page in a popup and make the callback close the child window and reload the parent window.
我想知道如何通过弹出窗口进行 twitter OAuth,即在弹出窗口中加载 Oauth 页面并使回调关闭子窗口并重新加载父窗口。
Edit: OK iframes are bad, but how would you accomplish the above, I notice posterous.com does this - I'm looking to achieve the same flow as FB connect.
编辑:好的 iframes 是坏的,但是你将如何完成上述操作,我注意到 posterous.com 这样做 - 我希望实现与 FB connect 相同的流程。
回答by morgancodes
Doing the same thing for Yahoo today...
今天为雅虎做同样的事情......
- Open a popup
- Send user to twitter for authentication
- Twitter sends user back to mysite.com/authcompleted.php, with authentication parameters in the query string. Still in the popup here.
The popup (mysite.com/authcompleted.html) reads the query string and sends the data to the opener window via javascript
window.opener.setTwitterAuthData(yourData)
Inside setTwitterAuthData, which is in your main window, set appropriate form fields and submit the data to your server.
- 打开一个弹出窗口
- 将用户发送到 Twitter 进行身份验证
- Twitter 将用户发送回 mysite.com/authcompleted.php,并在查询字符串中使用身份验证参数。仍然在此处的弹出窗口中。
弹出窗口 (mysite.com/authcompleted.html) 读取查询字符串并通过 javascript 将数据发送到 opener 窗口
window.opener.setTwitterAuthData(yourData)
在主窗口中的 setTwitterAuthData 中,设置适当的表单字段并将数据提交到您的服务器。
回答by Jordan Running
You shouldn't do this. Loading it in an IFrame hides the URL from the user, making it difficult for them to confirm that they're entering their password on twitter.com and not a third-party (i.e. phishing) site.
你不应该这样做。在 IFrame 中加载它会向用户隐藏 URL,使他们难以确认他们是在 twitter.com 上输入密码,而不是第三方(即网络钓鱼)站点。
