Twitter oauth authorization in a pop-up instead of in main browser window

Question

I feel incredibly stupid for even asking this since the answer might already be under my nose but here it goes:

TweetMeme has a Re-tweet twitter widget that publishers can place on their blogs. When a user clicks on the widget, it pops open a window which allows the user to authenticate themselves with twitter and then re-tweet.

This seems to use some special Twitter oauth popup form factor - unless there is something fancier happening under the surface to authenticate the user.

The pop-up window looks like this:

http://twitpic.com/1kepcr

I'd rather handle an authentication via a pop-up rather than send the user to a brand new page (for the app I'm working on) and they seem to have the most graceful solution. Thoughts on how they did this?

Answer 1

I think that the process is something like this (I assume that they have used php on server-side):

First it opens a jQuery-like popup, but it's not strictly related to twitter sign in functions. The real sign-in process begin when you confirm that popup, so it open new popup, with some php inside, that # hold a session. Those scripts ask to twitter the request tokens, using site's application params, and save them into $_SESSION array. If it's all-right, twitter send you to twitter authenticate page (https://twitter.com/oauth/authenticate), and after you have inserted your login params, twitter send you to the callback page defiend by that site. Here there is another php page that request access tokens, and save them into $_SESSION array. If it's all-right now the site has params that he needs for querying your profile, so last scripts inside popup refresh opener window (main site) and close himself. Now main window has all the interesting params inside $_SESSION array.

Check this useful library for all the server-side work.