vapor-oauth icon indicating copy to clipboard operation
vapor-oauth copied to clipboard

Published 20 hours ago verified publisher icon brokenhandsio

Device Code Flow into Vapor OAuth

Open vamsii777 opened this issue 1 year ago • 6 comments

This pull request introduces the integration of the Device Code Flow into the Vapor OAuth, enhancing the existing OAuth2 Provider capabilities.

Changes:

  • Added Device Code Flow support following RFC 8628.
  • Implemented DeviceCodeTokenHandler to manage device code token requests.
  • Updated test cases to ensure the correct handling of device code expiration.

Impact:

This integration allows applications to utilize the Device Code Flow for authorization, providing a more secure and user-friendly way to authenticate devices without a browser or other user agent.

Testing:

All test cases have been updated and passed, ensuring that the new feature is working as expected and does not break existing functionality.

Please review the changes and provide feedback. Thank you!

vamsii777 avatar Aug 24 '23 15:08 vamsii777

@0xTim @marius-se Will this request be merged? Would also be great :-)

mynona avatar Dec 09 '23 11:12 mynona

Would be great if it’s merged! But is this package abandoned?

Aquaa7 avatar Dec 26 '23 18:12 Aquaa7

I'll look into this early next week! Sorry for the late reply, this project is not abandoned!

marius-se avatar Jan 04 '24 09:01 marius-se

@vamsii777 I haven't done a full review of this yet but I have some initial feedback/queries. First, this is a pretty huge PR and ideally would be broken up so we could discuss some of the changes in isolation. However, some of the immediate things that I've spotted:

  • I'm not 100% comfortable with dropping support for 5.8 and 5.7 just yet unless we have a very good reason
  • We're annotating lots of stuff with Sendable, which is good, but should turn on complete concurrency checking
  • The main issue - there's lots of stuff in the PR that's related to OpenID. That's got nothing to do with RFC 8628 and is very likely out of scope for this library. OpenID is a can of worms I don't particularly want to tackle in this library and would ideally be done with a library built on top of this one. None of it's required for device code flow right?

0xTim avatar Jan 15 '24 19:01 0xTim

@0xTim Gotcha, I'll break down the PR and YES would refactor so that you would be comfortable.

vamsii777 avatar Jan 15 '24 23:01 vamsii777

DO NOT MERGE. Moved to #28

vamsii777 avatar Jan 31 '24 19:01 vamsii777