The OAuth Device Flow specification (recently renamed to be the OAuth 2.0
Device Authorization Grant specification) is now RFC
8628<https://www.rfc-editor.org/rfc/rfc8628.txt>. The abstract describes the
specification as:
The OAuth 2.0 device authorization grant is designed for Internet-connected
devices that either lack a browser to perform a user-agent-based authorization
or are input constrained to the extent that requiring the user to input text in
order to authenticate during the authorization flow is impractical. It enables
OAuth clients on such devices (like smart TVs, media consoles, digital picture
frames, and printers) to obtain user authorization to access protected
resources by using a user agent on a separate device.
This specification standardizes an already widely-deployed pattern in
production use by Facebook, ForgeRock, Google, Microsoft, Salesforce, and many
others. Thanks to all of you who helped make this existing practice an actual
standard!
-- Mike
P.S. This announcement was also posted at http://self-issued.info/?p=2001 and
as @selfissued<https://twitter.com/selfissued>.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
