We redirect the user to the OAuth auth screen from within a frame. The auth screen correctly detects the frame and breaks it, but in before doing so it pops up a dialog box that says:Press OK to continue... (framed authorization page detected)This seems like debugging output to me. Can it be removed?j
we are aware of the issue and are working to restore service as soon as possible sorry, our API is experiencing intermittent issues
we are aware of the issue and are working to restore service as soon as possible sorry, our API is experiencing a limited-scope problem
please see this thread for updates sorry, the developer portal is currently undergoing scheduled maintenance
service is expected to be restored around 09:00PM PST OAuth 2.0 Authorization issues?
As previously announced, LinkedIn is now enforcing redirect URLs rule for OAuth 2.0 applications: More information. If you have any questions, please post to this thread in our forums: Thread for questions OAuth 2.0 Extension
LinkedIn is extending a courtesy brief period for developers to update their OAuth 2.0 redirect URLs.
If you have any questions, please post to this thread in our forums: Thread for questions. OAuth 2.0 Redirection URL
Beginning Monday April 28, 2014, LinkedIn's APIs will begin enforcing OAuth 2.0 redirect URLs.
If you have any questions, please post to this thread in our forums: Thread for questions. On July 21st between 4pm and 7pm PST we will be performing platform maintenance. You may see limited performance issues during this time. We apologize for any inconveniences generated by any service interruptions. We will be performing site wide maintenance on October 10th between 8 pm and 11 pm PST. This maintenance applies to all LinkedIn sites and applications, including our APIs. You may experience limited availability of certain APIs during this time. We apologize for any inconvenience this may cause. Please don't hesitate to reach out on our forums if you continue to experience API availability issues after the maintenance window In light of the recent disclosure of the "Poodle" SSL vulnerability, LinkedIn is joining the large number of services that have actively removed support for SSLv3, effective immediately. If you are experiencing errors related to HTTPS-based communication with our APIs, please ensure you are using a client/library that supports TLS 1.0+ instead of SSLv3 to avoid disruption. Attention, developers! We have transitioned to StackOverflow for forum-based support. Learn more about this change.
Redirecting to OAuth from within frame causes debugging dialog box to pop up
Consider this alert a heavy suggestion not to use frames of any kind to load our Authorization flow, it's forbidden.Taylor
Thanks for the quick reply Taylor.We're definitely not doing anything malicious and we're glad that the LinkedIn auth screen breaks out of the frameset (we reconstruct it on return).Can you tell me more about why starting the process from within a frame is forbidden?Thanks,j
This is Lucian. Taylor and I both work at LinkedIn on the platform.Usually when you present the user agreement screen in some sort of frame, just the HTML appears to the user. They have no way to know that the page actually came from linkedin.com. You could be constructing and displaying that page to fish the email and password from the user. They couldn't know.If the page is displayed in a browser window, then the browser will have the URL address bar and users who care can verify that they are actually on linkedin.com. While not very many users understand the importance of this, its important to keep following the best practices in hopes that more do into the future.You can read the requirement in the Platform Guidelines doc.
Thanks Lucian,I've read the document now.Please note that we are not attempting to show the agreement screen in a frameset. We want the LinkedIn agreement screen to be top-level. We are happy with the way that the agreement screen breaks our frameset and makes itself top-level.All I was wondering about is if the pop-up dialog box could be turned off when this occurs.More info: we write a widget that encourages people to OAuth with LinkedIn. That widget is framed in to other pages. It turns out that it is more convenient for us to have LinkedIn to break our frameset than it is for us to use target="_top". We can work around it using other techniques, though everything works out fine if the pop-up dialog box could be turned off. Any possibility of this happening?Hope I'm making more sense,j
Thanks guys.BTW, Tw*tter doesn't pop a dialog box in this scenario, so either they are vulnerable to the issue you raise, or they are using some other technique. Just mentioning in case it helps you guys.j
I found another way to work around this (using cookies to store state instead of the url).Upshot is that I'm using target="_top" now and thus no popup.Thanks for discussing with me. Keep up the great work guys!j