Is it possible to make a oauth workflow work within an iframe? Right now i just use the redirect to get to the access token but i would like to do that in an iframe so the UX is a little bit more consistent and the users stay on my site. An embedded solution would also be fine, if there is one.
Or can I achieve something similar to this?
If you mean a regular iframe to load the Battle.net login form that should work with the standard authorization_code flow. All the redirection will happen inside the iframe and you’ll still get the access_token in your app. You can even use some JS magic to trigger a custom event on window.parent after the logon process to notify changes to your main UI.
Most/all of the Blizzard-hosted login pages have “X-Frame-Options: SAMEORIGIN” or “X-Frame-Options: DENY” response headers, so the browser will not render those pages in an iframe.
I think it’s standard practice for login forms to be used only as top-level pages anyway, so users feel secure that their credentials are being entered into the page shown in the address bar.
Yes, that is what i thought aswell so far. The iframe does render an error and I thought maybe I am doing something wrong here or there is another way.
@Schiller
Have you tried this and suceeded? If yes, then how? I have response_type=code wich is the workflow you where talking about, right?
I’m so sorry about that, I forgot I had an addon to ignore X-Frame headers on my browser.
Erorus is completely right and Blizzard does indeed deny frames.