OAuth 2.0 Device Authorization Grant

  • The device is already connected to the Internet.
  • The device is able to make outbound HTTPS requests.
  • The device is able to display or otherwise communicate a URI and code sequence to the user.
  • The user has a secondary device (e.g., personal computer or smartphone) from which they can process the request.

Youtube Example

Device Authorization Flow

Security Considerations

1. User Code Brute Forcing

2. Device Code Brute Forcing

3. Remote Phishing

4. Non-Confidential Clients

5. Non-Visual Code Transmission

Conclusion

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Oso Panda: Pequeña Mascota Virtual Parlante Hack Free Resources Generator

It is hard but not impossible | eWPT Review

Don’t Get Compromised

How Instagram Helped Me To Exploit XSS 🔥

Phonebook of the Internet: DNS in Simple Words!

{UPDATE} Einfach Mathe 1 Hack Free Resources Generator

{UPDATE} Bubble Shooter Hack Free Resources Generator

{UPDATE} OMG Guess What Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ademar Gonçalves

Ademar Gonçalves

More from Medium

Laravel Nova — Single Responsibility Principle Approach

Microservices Part I

Powerful Browser Debugging Console Object

Is the REST API dead?