Device Authorization Grant #962
Comments
|
can you check the codes and possibly come with a implementation? |
|
Related to oauthlib/oauthlib#626 upstream |
|
We would be happy accept a PR for this feature once it is available in OAuthLib. We'll need to wait on upstream to merge it. It looks like there is ongoing work in oauthlib/oauthlib#844 and there is upstream interest. If you're interested in this feature I would recommend supporting the work in OAuthLib first. |
|
Great to see that it got merged upstream! 👍 🚀 |
|
@oliamb, et al. With this merged upstream we would love to see a PR for this feature. I don't have time to work on the implementation, but I would make time to support anyone who wanted to undertake the endeavor. |
|
@dopry I'll be raising the pr in DOT after the oauthlib stuff is released. I've just raised another pr in oauthlib to add the necessary device code grant type object and the relevant methods. I have a working device flow end to end using the branches I made in DOT and oauthlib with a custom auth server I'm working on |
|
Feel free to open a draft PR before the upstream release. That would allow @n2ygk and I to do some initial code review. |
Hey, thanks a lot for the awesome library!
I just discovered this evening an extension to OAuth2, which is the Device Authorization Grant, defined in RFC https://tools.ietf.org/html/rfc8628.
I dig a bit on how rfc8628 relates to rfc6749 (OAuth2). I thought it was through the Native Application update at first. But no, they are just leveraging the extension grant from OAuth2, which is not supported either by the django-oauth-toolkit.
The Device Authorization grant looks super interesting to authenticate native applications, much simpler than Authorization Code with PKCE and inter-application URL redirections. I am wondering if supporting it directly or through supporting the extension grant has been discussed already? (I did not find any reference)
The text was updated successfully, but these errors were encountered: