Hi Alex, I’m also working on an implementation based on the draft specification. I came to the same conclusion about linking to Section 4.1.3 of RFC6749.
As for your second question, I also came to the same conclusion, which was confirmed by looking at the source code to the Active Directory Authentication Library (ADAL) for .NET (Azure Active Directory is my project’s first target). ADAL also sets the grant_type parameter to “device_code” (contrast this with the value originally in section 4.1.3). I am hoping to also test my implementation against other major server implementations (Google and Facebook come to mind) in the next few weeks and will report my findings to this mailing list. Cheers, - Oli -- Let me help you be awesome at what you do, using Microsoft Developer Tools +1 613-212-5551 From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Alex Bilbie Sent: Friday, April 15, 2016 13:32 To: oauth@ietf.org Subject: [OAUTH-WG] Device flow clarifications N.B: I sent the following email to draft-ietf-oauth-device-f...@tools.ietf.org<mailto:draft-ietf-oauth-device-f...@tools.ietf.org> on 12th April but didn't receive a reply so am reposting here: --- Hello, I've been working on an implementation of the OAuth 2.0 Device Flow (as described at https://tools.ietf.org/html/draft-ietf-oauth-device-flow-01<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-ietf-oauth-device-flow-01&data=01%7c01%7colivida%40microsoft.com%7c1cf0164e15984b96d6ad08d36553de5e%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=Aw6hIdrAeX5%2feexlbPdZZiOYNdD6ETBP2bwnVpAuBIY%3d>). Please could the following points please be clarified: Section 3.2: "The client requests an access token by making an HTTP "POST" request to the token endpoint as described in Section 4.1.1 of [RFC6749]" Should this actually say Section 4.1.3 of RFC6749 which is the Access Token Request section for the authorisation code grant? Assuming the above is true, should the `code` parameter POSTed to the authorisation server be the value of the `device_code` parameter returned to the client in the initiating request? Many thanks, Alex Bilbie
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
