Doug Bitting

This specifically supports the Google+ signin where you will be passing the one-time code from client to web server. See here: https://developers.google.com/+/web/signin/server-side-flow#step_4_add_the_sign-in_button_to_your_page I'm beginning to wonder if there doesn't need...

I may be misunderstanding what you mean by "entire[ly] client-side." In my flow, the browser initiates the OAuth flow via the G+ APIs and a `callbackURL` of `postmessage`. The browser...

Your assessment seems about right. In my case, I'm not redirecting. I'm establishing a passport session, performing a bit of user-specific processing making use of the G+ session afforded by...

My recollection is that `postmessage` is required on both the client and the server side of this flow, or it fails to work. It would appear to be significant to...