Introduction
The device authorisation grant is designed for Internet-connected devices that either lack a browser for user-agent-based authorisation or are so input-constrained that requiring the user to enter text to authenticate during the authorisation flow is impractical. It enables clients on such devices (such as smart TVs, media consoles, digital picture frames, and printers) to obtain user authorisation to access protected resources by using a user agent on a separate device.
Device-Auth User flow
Endpoint specification
Endpoint | HTTP Method | Purpose |
---|---|---|
/api/auth/v1/device | POST | Creates a unique user code and a verification URI at which the code is presented in an external browser to verify the user. |
/api/auth/v1/device/verify | POST | Verifies the user code with the authenticated user. |
/api/auth/v1/access_token with grant_type="urn:ietf:params:oauth:grant-type:device_code" | POST | Provides an access_token to the device once the user has been verified externally. |
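
The device side of the third endpoint, sketched as an added example (not this API's own client code). It assumes the service uses the RFC 8628 parameter and error names (`device_code`, `client_id`, `authorization_pending`, `slow_down`, `access_denied`, `expired_token`), which this page does not list; the `post` transport signature and the `simulate` helper with its constructed responses are hypothetical.

```python
import time

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"
TOKEN_PATH = "/api/auth/v1/access_token"


class DeviceFlowError(Exception):
    """Terminal failure: the device must restart the flow or stop."""


def poll_for_token(post, device_code, client_id, interval=5, expires_in=600,
                   sleep=time.sleep, clock=time.monotonic):
    """Poll the token endpoint until the user approves, denies, or the code expires.

    post(path, form) -> (status, body_dict) is a caller-supplied transport
    (hypothetical signature) so the loop can run without a network.
    """
    deadline = clock() + expires_in
    while True:
        sleep(interval)                      # never poll faster than the server allows
        if clock() >= deadline:
            raise DeviceFlowError("expired_token")
        status, body = post(TOKEN_PATH, {"grant_type": DEVICE_GRANT,
                                         "device_code": device_code,
                                         "client_id": client_id})
        if status == 200 and "access_token" in body:
            return body
        error = body.get("error")
        if error == "authorization_pending":  # user has not finished verifying yet
            continue
        if error == "slow_down":              # RFC 8628 section 3.5: add 5 seconds
            interval += 5
            continue
        # access_denied, expired_token or anything unexpected ends the flow
        raise DeviceFlowError(error or f"http_{status}")


def simulate(responses, **kwargs):
    """Run the loop against a constructed response script; return (result, sleeps)."""
    now, sleeps, script = [0.0], [], iter(responses)

    def fake_sleep(seconds):
        sleeps.append(seconds)
        now[0] += seconds

    def fake_post(path, form):
        assert path == TOKEN_PATH and form["grant_type"] == DEVICE_GRANT
        return next(script)

    result = poll_for_token(fake_post, "dev-code-constructed", "tv-app-constructed",
                            sleep=fake_sleep, clock=lambda: now[0], **kwargs)
    return result, sleeps
```

Treating every error other than `authorization_pending` and `slow_down` as terminal keeps a denied or expired device code from being retried indefinitely.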