OAuth 2.0 Device Authorization Grant

The OAuth 2.0 Device Authorization Grant is designed for devices that are connected to the internet but lack a browser to perform user-agent-based authorization during an authorization flow. It enables devices such as TVs and printers to obtain user authorization to access a protected resource by using a user agent on a separate device.

This authorization flow is also referred to as the device flow.

OAuth 2.0 Device Authorization Grant is an OAuth 2.0 extension that enables devices with no browser or limited input capability to obtain an access token.

How OAuth 2.0 Device Authorization Grant Works

  • When an end user wants to log in to a device, the device starts by making a request to the device_authorization endpoint.
  • When the authorization server receives the request, it generates a device code, a user code and a verification URL.
  • The device then displays the user code and the verification URL.
  • The device then waits for the user to authorize the device code, polling the token endpoint at the specified interval to check whether the user has authorized it.
  • Meanwhile, the end user uses another device to access the verification URL, provide the user code and consent if necessary.
  • Once the user code has been authorized, the device's poll of the token endpoint returns the token.
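
The steps above as a runnable simulation. This is an added example, not code from the original page or from any particular authorization server. ToyAuthServer, poll_for_token, the simulated clock and the https://as.example/device URL are constructed for illustration; the error codes and the 5-second back-off are those defined for this grant in RFC 8628.

```python
import secrets

class ToyAuthServer:
    """In-memory stand-in for the authorization server (constructed for this example)."""
    def __init__(self, interval=5, expires_in=60):
        self.interval, self.expires_in, self.pending = interval, expires_in, {}

    def device_authorization(self, now):
        device_code = secrets.token_urlsafe(32)    # high-entropy secret, kept by the device
        user_code = secrets.token_hex(4).upper()   # short code the user types in
        self.pending[device_code] = {"user_code": user_code, "approved": False,
                                     "expires": now + self.expires_in, "last_poll": None}
        return {"device_code": device_code, "user_code": user_code, "interval": self.interval,
                "verification_uri": "https://as.example/device", "expires_in": self.expires_in}

    def approve(self, user_code):  # the user entered the code at the verification URL
        for state in self.pending.values():
            if secrets.compare_digest(state["user_code"], user_code):
                state["approved"] = True

    def token(self, device_code, now):  # real requests also carry grant_type and client_id
        state = self.pending.get(device_code)
        if state is None:
            return {"error": "invalid_grant"}      # unknown or already redeemed
        if now >= state["expires"]:
            return {"error": "expired_token"}      # user never finished in time
        too_fast = state["last_poll"] is not None and now - state["last_poll"] < self.interval
        state["last_poll"] = now
        if too_fast:
            return {"error": "slow_down"}
        if not state["approved"]:
            return {"error": "authorization_pending"}
        del self.pending[device_code]              # a device code is single use
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}

def poll_for_token(server, grant, start=0, user_acts_at=None):
    """Device side: poll on a simulated clock; user_acts_at models the user's approval time."""
    now, interval, errors = start, grant["interval"], []
    while True:
        now += interval                            # wait one interval between polls
        if user_acts_at is not None and now >= user_acts_at:
            server.approve(grant["user_code"])
        resp = server.token(grant["device_code"], now)
        if "access_token" in resp:
            return resp, errors
        errors.append(resp["error"])
        if resp["error"] == "slow_down":
            interval += 5                          # RFC 8628: add 5 seconds and keep polling
        elif resp["error"] != "authorization_pending":
            return None, errors                    # expired or rejected: stop polling
```

Only the device code can redeem a token, while the user code shown on screen is used solely on the verification page, so the server should expire both quickly and treat a device code as single use.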