Announcement Announcement Module
No announcement yet.
authorization window and popups Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • authorization window and popups


    I've noticed that in all the examples you've used and I wanted to know is that on purpose? (because of the Connect/SigninController flow?)
    cause in implementation most of the time the browser blocks it.

    is there something in the FB/TW api that disables the use of some "popup div" which contains an iframe (thus skipping all the "popup" blockers browser's have?)

  • #2
    That choice was made primarily out of simplicity and also to address a specific question regarding posted in this forum awhile back. But you make a good point regarding popup blocking.

    I see no reason why couldn't be replaced with some other form of JS-based div popup dialog. It may be worthwhile revisiting this example to demo that scenario. Of course, if you want to try it yourself (and since it may be awhile before I get to it), pull requests are always welcome, even on the sample code. Just let me know.


    • #3
      I wish I could provide some sample.. but It seems like you can't do it.

      after spending some time and some tests , it seems like fb/tw/linkedin are blocking oauth requests coming from an iframe - they claim that they do it for security reason (because users can't see the address bar).
      so - somehow they recognize you're running in an iframe (I'm guessing they check if window.opener is null..) and return an error.
      in some places I came across a return header "Display forbidden by X-Frame-Options"

      I'm still checking it, since a complete page redirect is out of the question and god knows I hate popups. I'll keep the forum posted.


      • #4
        I know that there are provider-specific approaches to this, such as Facebook's dialogs ( But I've not yet tried working with these dialogs alongside Spring Social. I'd imagine there's a way to make them work, but I can't say for sure what that entails.

        If that's an option you're open to (using a provider-specific dialog), but for some reason it doesn't work with Spring Social, please feel free to open an issue in Jira and I'll look into it. In the meantime, I'll put it on my todo list ( to try using these dialogs with Spring Social and to see if there's something missing in Spring Social to make them work.


        • #5
          Hmm.. nice idea, If i'm not mistaken, then the only issue here is to callback spring to persist the access_token and some other properties.

          I'll try to find some time to perform some testing.