[TiddlyWeb] Challengers - support for popup window

[mahemoff]

It would be nice if the default challengers (and perhaps the challenger mechnism) provided support for logging in via a popup window. One way might be to extend tiddlyweb_redirect, and provide an additional jsonp-style callback parameter:

"tiddlyweb_redirect" - if set to a special value, like "close", the window closes after a successful login "callback" - a callback function to be called when the window has closed, which passes in a boolean indicating login success.

I have handled this kind of thing in the jquery comments plugin (  http://svn.tiddlywiki.org/Trunk/contributors/MichaelMahemoff/lib/comments/demo/static/js/comments.js). However, the library requires the caller to provide a custom HTML file for redirection, with javascript to close itself.

[cdent]

The Challenger system is generally designed with the idea that the login UI will be created by client code or server-side application plugins. The UI's that the challengers present on a GET is there for the sake of convenience, not for regular use. The main reason for the challenger to be there is to listen to POSTs.

So the thinking is that if, for example, you had a non tiddlywiki client to tiddlyweb presenting a web ui, a part of that ui could be a login handler that took the necessary openid creds and provided the window for going through the interaction with the openid server (which presumably would be done in a full window so you could get to see the location bar and other indications of non-phishing). This would never GET the challenger, only POST it.

Another option would be to make a challenger module that did the whole thing as you like.

[cdent]

assuming this is resolved, due to lack of response