One of the building blocks for T348388: Use central login wiki for login (SUL3) is going to be the ability to show the login and/or signup page in a popup window (or an iframe; from the POV of the embedded/popped-up page, it does not make much difference).
This involves a number of changes:
- Add a flag to LoginSignupSpecialPage which displays the page without any skin (probably by using ApiSkin), and without most of the extra information that's normally shown on the initial login/signup page but not subsequent steps (e.g. benefits block; but we do want to keep the language chooser and login/signup switch, at least).
- Maybe adapt the form styling to be something like the Minerva login page, or the design for T98879: OAuth authorization dialogs should have a plain (skinless) version so that they can be shown in popup windows., although an MVP version would be fine without this (and it's tricky since auth form styling is distributed across many extensions).
- Use a query parameter to set the flag, and make sure it is sticky during the auth process, preferably including when a remote authentication provider is used. We could go with the OIDC vocabulary (display=popup).
We'll probably want to refine how anti-framing is handled (e.g. with CSP: frame-ancestors) but we can leave that for when we have a clearer plan for cookie handling.