What browser prompts for permission to follow a redirect? OAuth flows don't require cross-domain interaction in any of the ways that browsers have fought to reduce.
Redirects are fine as long as no container-type things are in play (since those don't necessarily carry the origin's cookies across the boundary), it's embedded cross-domain auth forms in an iframe that can cause a dialog.
