We are hosting Discourse in an iframe, so google oAuth doesn’t really work because they have x-frame options to prevent loading it.
What we’d like to do is use window.open and have the “small” oauth url for fb and google open up, and then upon closing redirect window.opener properly. Is this possible with Discourse settings? Or where is the code to do the location redirect, so we could change it?
I don’t believe this is officially supported. Discourse is a Single Page Application and there are no guarantees when it comes to running within an iframe.
See further:
I am not asking for guarantees. Just to know where the Javascript is that changes window.location so I can replace it with window.open
Discourse actually has a new config variable that allows it to be displayed in iframes, and it works. Look at https://qbix.com/ecosystem for instance, or https://intercoin.app
Oh, that’s interesting, yes you are right, and it’s actually 3 years old 
. It is hidden though which may indicate it has some limitations.
Yup! So really my main question is — where is the code that is triggered when someone clicks Connect with Facebook or Google? How can I override it? Maybe in the site theme JS, so I don’t have to develop a plugin?
All I want to do is replace window.location.href = … with window.open()