This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
OAuth 2.0 Device Authorization Grant
OAuth 2.0 Device Authorization Grant

Version management

Difference between version and

At line 1 added 50 lines
!!! Overview[1][2]
[{$pagename}] is defined in [RFC 8628] and is an [OAuth 2.0 Protocol Flow] for [browserless|Browser] and other [Input-constrained devices] that enables [OAuth Clients] to request user [authorization] from devices that have an [internet] connection, but don't have an easy input method (such as a smart TV, media console, picture frame, or printer), or lack a suitable browser for a more traditional OAuth flow.
This [authorization] flow instructs the user to perform the [Authentication Request] on a secondary [device], such as a [Mobile Device].
[{$pagename}] is not intended to replace browser-based OAuth in [Native applications] on capable devices (like smartphones). Those apps should follow the practices specified in [OAuth 2.0 for Native Apps] [RFC 8252].
The only requirements to use [{$pagename}] are that the device is connected to the [Internet], and able to make outbound [HTTPS] requests, be able to display or otherwise communicate a [URI] and code sequence to the user, and that the user has a secondary device (e.g., personal computer or smartphone) from which to process the request. There is no requirement for two-way communication between the [OAuth Client] and the [user-agent], enabling a broad range of [Use cases].
Instead of interacting with the end-user's user-agent, the client instructs the end-user to use another computer or device and connect to the authorization server to approve the access request. Since the client cannot receive incoming requests, it polls the authorization server repeatedly until the end-user completes the approval process.
[{$pagename}] instructs the user to perform the [Authorization Request] on a secondary device, such as a smartphone.
[{$pagename}] known [Implementations]:
* [Google] ([https://developers.google.com/identity/protocols/OAuth2ForDevices|https://developers.google.com/identity/protocols/OAuth2ForDevices |target='_blank'])
* [Facebook] ([https://developers.facebook.com/docs/facebook-login/for-devices|https://developers.facebook.com/docs/facebook-login/for-devices|target='_blank'])
* [Microsoft]
* [ForgeRock] within [OpenAM]
* [Curity Identity Server|Curity]
* [Salesforce] ( [https://releasenotes.docs.salesforce.com/en-us/spring17/release-notes/rn_security_auth_device_flow.htm|https://releasenotes.docs.salesforce.com/en-us/spring17/release-notes/rn_security_auth_device_flow.htm|target='_blank'])
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [OAuth 2.0 Device Flow for Browserless and Input Constrained Devices|https://tools.ietf.org/html/draft-ietf-oauth-device-flow-09|target='_blank'] - based on information obtained 2018-01-04-
* [#2] - [Using OAuth Device Flow For UI-Incapable Devices|https://nordicapis.com/using-oauth-device-flow-for-ui-incapable-devices/|target='_blank'] - based on information obtained 2018-04-21-
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop