RFC 8628 (OAuth 2.0 Device Authorization Grant) is a Proposed Standard, published by the IETF in August 2019. It defines an authorization flow (Device Flow) that issues access tokens, with end-user consent, to API clients running on devices that have no Web browser and/or have limited capability for inputting text.
The device flow implies the following preconditions.
Here is an overview of the flow:
user_code: a value to be submitted from User to Authorization Server.
device_code: a value for Client to send a token request to Authorization Server.
device_code to Authorization Server. The same requests are periodically made (i.e. polling) to Authorization Server until an access token (or an error) is returned.
user_code and grants access to Client.
user_code, issues an access token and sends a token response including the token against the token request that contains the device_code that corresponds to the
As a result of the flow above, Client obtains the access token for authorized API requests.
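The polling step in the overview above, as an added example (not Authlete's code and not part of the original page): a client loop that repeats the token request with the device_code until a token or a terminal error comes back. The grant type, the error codes and the 5-second slow_down increment are from RFC 8628; FakeTokenEndpoint, poll_for_token and all sample values are constructed for illustration.

```python
import time

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"

class FakeTokenEndpoint:
    """Constructed stand-in for a token endpoint: replays scripted responses."""
    def __init__(self, script):
        self.script = list(script)
        self.requests = []

    def post(self, params):
        self.requests.append(dict(params))
        return self.script.pop(0)

def poll_for_token(endpoint, client_id, device_code, interval=5,
                   expires_in=1800, sleep=time.sleep):
    """Repeat the token request until a token or a terminal error is returned.

    Returns (token_response, waits); waits lists the delay before each request.
    """
    waited, waits = 0, []
    while waited + interval <= expires_in:
        sleep(interval)
        waited += interval
        waits.append(interval)
        resp = endpoint.post({"grant_type": GRANT_TYPE,
                              "device_code": device_code,
                              "client_id": client_id})
        if "access_token" in resp:
            return resp, waits
        error = resp.get("error")
        if error == "authorization_pending":
            continue              # user has not completed the grant yet
        if error == "slow_down":
            interval += 5         # RFC 8628: add 5 seconds for all later requests
            continue
        # access_denied, expired_token or anything else ends the flow
        raise RuntimeError(f"device flow failed: {error}")
    raise TimeoutError("device_code lifetime elapsed without a grant")

if __name__ == "__main__":
    # Constructed server behaviour: pending, slow_down, pending, then a token.
    server = FakeTokenEndpoint([{"error": "authorization_pending"},
                                {"error": "slow_down"},
                                {"error": "authorization_pending"},
                                {"access_token": "constructed-token", "token_type": "Bearer"}])
    token, waits = poll_for_token(server, "constructed-client", "constructed-device-code",
                                  sleep=lambda s: None)
    print(token["access_token"], waits)
```

Passing `sleep=lambda s: None` skips the real delays for a dry run; a real client keeps the default and uses the `interval` and `expires_in` values from the device authorization response.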
Authlete version 2.1 and later support the device flow. Developers can easily implement authorization servers that support the device flow by using the following newly added or enhanced Authlete APIs.
You can manage settings for the device flow using the Service Owner Console.