AppAuth-iOS icon indicating copy to clipboard operation
AppAuth-iOS copied to clipboard

Published 20 hours ago verified publisher icon openid

Device workflow is missing the client_id parameter in token requests

Open ronnybremer opened this issue 8 months ago • 2 comments

According to https://www.rfc-editor.org/rfc/rfc8628#section-3.4 when requesting a token during the device workflow the client_id is required when the client is not able to authenticate to the IDP.

This code shows, that only the device_code and user_code are used in the request: https://github.com/openid/AppAuth-iOS/blob/c89ed571ae140f8eb1142735e6e23d7bb8c34cb2/Sources/AppAuthTV/OIDTVTokenRequest.m#L160C1-L172C2

Should that be amended to include the client_id as well?

ronnybremer avatar Jun 09 '24 10:06 ronnybremer