logto
logto copied to clipboard
logto-io
feature request: OAuth2 Device Flow aka grant type urn:ietf:params:oauth:grant-type:device_code
What problem did you meet?
I have a device with limited user input and wish to take advantage of the OAuth2 Device Flow to register using a secondary device.
Describe what you'd like Logto to have
The underlying module node-oidc-provider provides a very nice implementation of OAuth2 Device Flow support, I wish there to be an option when creating an Application resource in the UI to specify the device_code grant type.
It may be necessary to extend the Sign-in experience to support the additional UX, although that provided by node-oidc-provider is generally sufficient.
Auth0 introduction: https://auth0.com/docs/quickstart/native/device/01-login
For node-oidc-provider one needs to simply configure the additional grant type, e.g.
{
client_id: 'device',
grant_types: ['urn:ietf:params:oauth:grant-type:device_code', 'refresh_token'],
response_types: [],
redirect_uris: [],
token_endpoint_auth_method: 'none',
},
...
features: {
deviceFlow: { enabled: true }, // defaults to false
...
}
Example device registration walkthough using node-oidc-provider:
Example CLI provided in TypeScript, app.ts.txt
> [email protected] start
> ts-node src/app.ts
URLSearchParams {
'client_id' => 'device',
'scope' => 'openid offline_access api:read api:write',
'resource' => 'https://resource.example.com' } -> {
device_code: 'ecZUEL9m79FgCXsTQgXNwBcWKdiOrxRYc0Jb3vi6zKm',
user_code: 'JQLT-NMMT',
verification_uri: 'https://identity.example.com/device',
verification_uri_complete: 'https://identity.example.com/device?user_code=JQLT-NMMT',
expires_in: 600
}
Please visit https://identity.example.com/device and enter the code: JQLT-NMMT
Hi @steve-o , thanks for your feature requrest with detailed requirements, the device flow support is in our plan, please stay tune. cc @gao-sun
