Device Code Grant Type #626
Comments
|
The Spec is still in draft https://tools.ietf.org/html/draft-ietf-oauth-device-flow-13, but it will be great if anyone start to implement it in oauthlib. PRs are welcomed |
JonathanHuot
added
Feature
OAuth2-Client
|
@JonathanHuot is there a good documentation on where contributors can begin to add this feature ? |
|
You can ask on our Gitter channel. |
|
As thedrow mention it, we're very reactive in Gitter. You can also have a look on the other grants and see how they are currently implemented. Also note that we are differenting the client code from the server code, but we have sometime common code to both client and server. You can also have a look on our Contributing page https://oauthlib.readthedocs.io/en/latest/contributing.html for more generic stuff. |
|
I'm more interested in the server side as I need to implement this for a project I'm working on. Atm I've done it using my custom code but I very much want to do it the correct way. Will jump on gitter to discuss :) |
|
I cant help but feel like leaving the client side out is a bad idea. |
|
I can build the client side but the device code server itself is still alot a work |
|
I'm just thinking of the architecture needed for this in the context of the VERY needed JWT support. |
|
@duaneking do we have an open issue for that change maybe we can discuss it ? I can pause this work until that change has happened. |
|
@duaneking, full JWT support may have architecture changes but it should not prevent @jcampbell05 of completing his work. The Device Flow has nothing to do with JWT and should not be conflicting with the JWT new architecture. About client's side, if it's implemented during the first PR, that's would be great I confess. Also, it helps to test the Device Flow implementation itself. |
|
@JonathanHuot so I've been thinking about the client I'm basically writing my own client to test it anyways, so I guess it won't hurt to implement in this library either. |
|
My biggest push back was on having features be half done; If you are adding a client then that resolves this. Thank You. |
|
I don't have bandwidth to finish this right now - so hopefully someone can pick this up or perhaps I can resume later on |
|
No more in draft https://tools.ietf.org/html/rfc8628 |
|
Are you still looking for an implementation of the related endpoints? It looks like a lot of work. Would you happen to have any recommendations on the best way of splitting any eventual PR? |
|
From what I remember the flow more or less replicated one of the existing flows this library has. So most of the work I did was copying that but modifying it to have a specific method for generating the device code. There was a POC PR here #640 So if we could identify ways of splitting it up into smaller chunks that might be managable. |
I can open a PR on Section 3.1 and 3.2 of the spec. Would that help? I am new to the codebase but I can try to stick to what exists already and maybe get some guidance on the expected changes afterward? That would cover the Device Authorization request and response. PR #640 is still linked to the Draft specification, so the comments are a bit outdated. Is it ok to use if as an inspiration and start fresh? Update: I opened #844 to gauge interest. |
|
Yeah no problem, that's what I was hoping would happen. I'll have a look at the PR 😀 |
Describe the feature
In the latest spec there is a device code grant type https://www.oauth.com/oauth2-servers/device-flow/token-request/
This is useful for authenticating embedded devices. Right now this library lacks this feature.
The text was updated successfully, but these errors were encountered: