Investigate Client Authentication for the Device Authorize Endpoint

[spwitt]

Investigate Client Authentication for the Device Authorize Endpoint

Description

RFC 8628 Section 3.1 on the Device Authorize endpoint states that

The client authentication requirements of Section 3.2.1 of [RFC6749] apply to requests on this endpoint, which means that confidential clients (those that have established client credentials) authenticate in the same manner as when making requests to the token endpoint, and public clients provide the "client_id" parameter to identify themselves.

FusionAuth requires client credentials to complete the Device Code Grant. Should it also require them to begin the grant?

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.