diff --git a/packages/oauth/end_of_popup_response.html b/packages/oauth/end_of_popup_response.html
index f4480867d3..e497038e7f 100644
--- a/packages/oauth/end_of_popup_response.html
+++ b/packages/oauth/end_of_popup_response.html
@@ -4,6 +4,14 @@
   if (##SET_CREDENTIAL_TOKEN##) {
     var credentialToken = ##TOKEN##;
     var credentialSecret = ##SECRET##;
+
+    var credentialString = JSON.stringify({
+      credentialToken: credentialToken,
+      credentialSecret: credentialSecret
+    });
+
+    window.location.hash = credentialString;
+
     if (window.opener && window.opener.Package &&
           window.opener.Package.oauth) {
       window.opener.Package.oauth.OAuth._handleCredentialSecret(
@@ -17,7 +25,7 @@
       }
     }
   }
-  window.close();
+  //window.close();
 </script>
 </head>
 <body>
@@ -25,7 +33,5 @@
     Login completed. <a href="#" onclick="window.close()">
       Click here</a> to close this window.
   </p>
-  <img src="not-a-real-image-for-oauth" style="width:1px;height:1px"
-       onerror="window.close();" />
 </body>
 </html>
diff --git a/packages/oauth/oauth_browser.js b/packages/oauth/oauth_browser.js
new file mode 100644
index 0000000000..c9806c9ae1
--- /dev/null
+++ b/packages/oauth/oauth_browser.js
@@ -0,0 +1,62 @@
+// Browser specific code for the OAuth package.
+
+// Open a popup window, centered on the screen, and call a callback when it
+// closes.
+//
+// @param url {String} url to show
+// @param callback {Function} Callback function to call on completion. Takes no
+//   arguments.
+// @param dimensions {optional Object(width, height)} The dimensions of
+//   the popup. If not passed defaults to something sane.
+OAuth.showPopup = function (url, callback, dimensions) {
+  // default dimensions that worked well for facebook and google
+  var popup = openCenteredPopup(
+    url,
+    (dimensions && dimensions.width) || 650,
+    (dimensions && dimensions.height) || 331
+  );
+
+  var checkPopupOpen = setInterval(function() {
+    try {
+      // Fix for #328 - added a second test criteria (popup.closed === undefined)
+      // to humour this Android quirk:
+      // http://code.google.com/p/android/issues/detail?id=21061
+      var popupClosed = popup.closed || popup.closed === undefined;
+    } catch (e) {
+      // For some unknown reason, IE9 (and others?) sometimes (when
+      // the popup closes too quickly?) throws "SCRIPT16386: No such
+      // interface supported" when trying to read 'popup.closed'. Try
+      // again in 100ms.
+      return;
+    }
+
+    if (popupClosed) {
+      clearInterval(checkPopupOpen);
+      callback();
+    }
+  }, 100);
+};
+
+var openCenteredPopup = function(url, width, height) {
+  var screenX = typeof window.screenX !== 'undefined'
+        ? window.screenX : window.screenLeft;
+  var screenY = typeof window.screenY !== 'undefined'
+        ? window.screenY : window.screenTop;
+  var outerWidth = typeof window.outerWidth !== 'undefined'
+        ? window.outerWidth : document.body.clientWidth;
+  var outerHeight = typeof window.outerHeight !== 'undefined'
+        ? window.outerHeight : (document.body.clientHeight - 22);
+  // XXX what is the 22?
+
+  // Use `outerWidth - width` and `outerHeight - height` for help in
+  // positioning the popup centered relative to the current window
+  var left = screenX + (outerWidth - width) / 2;
+  var top = screenY + (outerHeight - height) / 2;
+  var features = ('width=' + width + ',height=' + height +
+                  ',left=' + left + ',top=' + top + ',scrollbars=yes');
+
+  var newwindow = window.open(url, 'Login', features);
+  if (newwindow.focus)
+    newwindow.focus();
+  return newwindow;
+};
\ No newline at end of file
diff --git a/packages/oauth/oauth_client.js b/packages/oauth/oauth_client.js
index 34a766a42f..565c46b121 100644
--- a/packages/oauth/oauth_client.js
+++ b/packages/oauth/oauth_client.js
@@ -5,6 +5,10 @@ var credentialSecrets = {};
 
 OAuth = {};
 
+OAuth.showPopup = function (url, callback, dimensions) {
+  throw new Error("OAuth.showPopup must be implemented on this arch.");
+};
+
 // Determine the login style (popup or redirect) for this login flow.
 //
 //
@@ -115,69 +119,6 @@ OAuth.launchLogin = function (options) {
   }
 };
 
-
-// Open a popup window, centered on the screen, and call a callback when it
-// closes.
-//
-// @param url {String} url to show
-// @param callback {Function} Callback function to call on completion. Takes no
-//   arguments.
-// @param dimensions {optional Object(width, height)} The dimensions of
-//   the popup. If not passed defaults to something sane.
-OAuth.showPopup = function (url, callback, dimensions) {
-  // default dimensions that worked well for facebook and google
-  var popup = openCenteredPopup(
-    url,
-    (dimensions && dimensions.width) || 650,
-    (dimensions && dimensions.height) || 331
-  );
-
-  var checkPopupOpen = setInterval(function() {
-    try {
-      // Fix for #328 - added a second test criteria (popup.closed === undefined)
-      // to humour this Android quirk:
-      // http://code.google.com/p/android/issues/detail?id=21061
-      var popupClosed = popup.closed || popup.closed === undefined;
-    } catch (e) {
-      // For some unknown reason, IE9 (and others?) sometimes (when
-      // the popup closes too quickly?) throws "SCRIPT16386: No such
-      // interface supported" when trying to read 'popup.closed'. Try
-      // again in 100ms.
-      return;
-    }
-
-    if (popupClosed) {
-      clearInterval(checkPopupOpen);
-      callback();
-    }
-  }, 100);
-};
-
-
-var openCenteredPopup = function(url, width, height) {
-  var screenX = typeof window.screenX !== 'undefined'
-        ? window.screenX : window.screenLeft;
-  var screenY = typeof window.screenY !== 'undefined'
-        ? window.screenY : window.screenTop;
-  var outerWidth = typeof window.outerWidth !== 'undefined'
-        ? window.outerWidth : document.body.clientWidth;
-  var outerHeight = typeof window.outerHeight !== 'undefined'
-        ? window.outerHeight : (document.body.clientHeight - 22);
-  // XXX what is the 22?
-
-  // Use `outerWidth - width` and `outerHeight - height` for help in
-  // positioning the popup centered relative to the current window
-  var left = screenX + (outerWidth - width) / 2;
-  var top = screenY + (outerHeight - height) / 2;
-  var features = ('width=' + width + ',height=' + height +
-                  ',left=' + left + ',top=' + top + ',scrollbars=yes');
-
-  var newwindow = window.open(url, 'Login', features);
-  if (newwindow.focus)
-    newwindow.focus();
-  return newwindow;
-};
-
 // XXX COMPAT WITH 0.7.0.1
 // Private interface but probably used by many oauth clients in atmosphere.
 OAuth.initiateLogin = function (credentialToken, url, callback, dimensions) {
@@ -214,5 +155,6 @@ OAuth._retrieveCredentialSecret = function (credentialToken) {
   } else {
     delete credentialSecrets[credentialToken];
   }
+  console.log("new secret: ", secret);
   return secret;
 };
diff --git a/packages/oauth/oauth_cordova.js b/packages/oauth/oauth_cordova.js
new file mode 100644
index 0000000000..44ca7639cb
--- /dev/null
+++ b/packages/oauth/oauth_cordova.js
@@ -0,0 +1,44 @@
+// Cordova specific code for the OAuth package.
+
+// Open a popup window, centered on the screen, and call a callback when it
+// closes.
+//
+// @param url {String} url to show
+// @param callback {Function} Callback function to call on completion. Takes no
+//   arguments.
+// @param dimensions {optional Object(width, height)} The dimensions of
+//   the popup. If not passed defaults to something sane.
+OAuth.showPopup = function (url, callback, dimensions) {
+  console.log("showing url", url);
+  var popup = window.open(url, '_blank', 'location=yes,hidden=yes');
+  popup.addEventListener('loadstart', pageStartLoad);
+  popup.addEventListener('loadstop', pageLoaded);
+  popup.addEventListener('loaderror', fail);
+  popup.addEventListener('exit', close);
+  popup.show();
+
+  function pageStartLoad (event) {
+    console.log("page start load", JSON.stringify(event));
+  }
+  function fail (err) {
+    Meteor._debug(err);
+  }
+
+  function close () {
+    console.log("close");
+  }
+  function pageLoaded (event) {
+    console.log("loaded", event.url);
+    console.log("comparing to", Meteor.absoluteUrl('_oauth'));
+    var url = decodeURI(event.url);
+    console.log("decoded", url);
+    if (url.indexOf(Meteor.absoluteUrl('_oauth')) === 0) {
+      var credentials = JSON.parse(url.split('#')[1]);
+      OAuth._handleCredentialSecret(credentials.credentialToken,
+        credentials.credentialSecret);
+
+      popup.close();
+      callback();
+    }
+  }
+};
\ No newline at end of file
diff --git a/packages/oauth/oauth_server.js b/packages/oauth/oauth_server.js
index 7b92e83fc7..efc1146315 100644
--- a/packages/oauth/oauth_server.js
+++ b/packages/oauth/oauth_server.js
@@ -93,6 +93,7 @@ OAuth._credentialTokenFromQuery = function (query) {
 WebApp.connectHandlers.use(function(req, res, next) {
   // Need to create a Fiber since we're using synchronous http calls and nothing
   // else is wrapping this in a fiber automatically
+  console.log(req.url);
   Fiber(function () {
     middleware(req, res, next);
   }).run();
@@ -123,6 +124,7 @@ var middleware = function (req, res, next) {
       throw new Error("Unexpected OAuth version " + service.version);
     handler(service, req.query, res);
   } catch (err) {
+    console.log("error in middlware:", err.stack, req.url);
     // if we got thrown an error, save it off, it will get passed to
     // the appropriate login call (if any) and reported there.
     //
@@ -229,7 +231,7 @@ OAuth._renderOauthResults = function(res, query, credentialSecret) {
         details.error = "invalid_credential_token_or_secret";
       }
     }
-
+    console.log("writing response to client");
     OAuth._endOfLoginResponse(res, details);
   }
 };
@@ -278,7 +280,7 @@ var renderEndOfLoginResponse = function (loginStyle, setCredentialToken, token,
   }
   else
     throw new Error('invalid loginStyle');
-
+  console.log("results of login response", result);
   return "<!DOCTYPE html>\n" + result;
 };
 
diff --git a/packages/oauth/package.js b/packages/oauth/package.js
index 1efecb4780..cc7947b03f 100644
--- a/packages/oauth/package.js
+++ b/packages/oauth/package.js
@@ -19,7 +19,9 @@ Package.on_use(function (api) {
   api.export('OAuth');
   api.export('OAuthTest', 'server', {testOnly: true});
 
-  api.add_files('oauth_client.js', 'client');
+  api.add_files('oauth_client.js', 'web');
+  api.add_files('oauth_browser.js', 'web.browser');
+  api.add_files('oauth_cordova.js', 'web.cordova');
   api.add_files('oauth_server.js', 'server');
   api.add_files('pending_credentials.js', 'server');
 
@@ -41,3 +43,7 @@ Package.on_test(function (api) {
   api.use('oauth', 'server');
   api.add_files("oauth_tests.js", 'server');
 });
+
+Cordova.depends({
+  'org.apache.cordova.inappbrowser': '0.5.1'
+});
diff --git a/packages/standard-app-packages/package.js b/packages/standard-app-packages/package.js
index 728d4d8c94..0574dc041d 100644
--- a/packages/standard-app-packages/package.js
+++ b/packages/standard-app-packages/package.js
@@ -61,4 +61,8 @@ Package.on_use(function(api) {
     // Good defaults for the mobile status bar
     'mobile-status-bar'
   ], 'web.cordova');
+});
+
+Cordova.depends({
+  'org.apache.cordova.device': '0.2.11'
 });
\ No newline at end of file