OAuth not working inside an iframe

2019-01-24 11:26发布

问题:

I have built a Fiddle on JSFiddle which retrieves an OAuth access token via Foursquare's "token" response type. One or two days ago this was working fine. When "Login with Foursquare" was clicked Foursquare's authorization page appeared and I was able to get an access_token. Today I get an error that says "Refused to display document because display forbidden by X-Frame-Options." I have contacted JSFiddle to see if they have changed their X-Frame-Options headers, but I believe it is the iframed page that specifies that header. What is Foursquare's policy about OAuth inside iframes and has it changed recently?

Here is my Fiddle

回答1:

We, at Foursquare, have updated our OAuth flow to not support embedding in iFrames. This is recommended by the OAuth 2 spec.