Simon Willison’s Weblog

16th July 2009 - Link Blog

Why an OAuth iframe is a Great Idea. Because users should a) learn to be phished and b) not even be given the option to avoid being phished if they know what they’re doing? No, no and thrice no. If you want to improve the experience, use a popup window so the user can still see the site they are signing in to in the background.

Posted 16th July 2009 at 8:29 pm

Recent articles

Highlights from my conversation about agentic engineering on Lenny's Podcast - 2nd April 2026
Mr. Chatterbox is a (weak) Victorian-era ethically trained model you can run on your own computer - 30th March 2026
Vibe coding SwiftUI apps is a lot of fun - 27th March 2026

This is a link post by Simon Willison, posted on 16th July 2009.

iframes 21 oauth 54 phishing 54 security 587

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe