I actually found that if you hijack the window.open and replace it with window.location.href, you can use the same window to authorize rather than creating a new window:
window.open = function(url: string, windowName: string, windowFeatures: string) {
console.log('window caught', url, windowName, windowFeatures);
window.location.href=url;
return null;
};
kelvinwoo
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution