OAuth 2.0 Device Authorization Grant
RFC 8628, “OAuth 2.0 Device Authorization Grant”, is a Proposed Standard document published in August 2019 by W. Denniss, J. Bradley, M. Jones, H. Tschofenig. The canonical text is published by the RFC Editor.
Abstract
The OAuth 2.0 device authorization grant is designed for Internet- connected devices that either lack a browser to perform a user-agent- based authorization or are input constrained to the extent that requiring the user to input text in order to authenticate during the authorization flow is impractical. It enables OAuth clients on such devices (like smart TVs, media consoles, digital picture frames, and printers) to obtain user authorization to access protected resources by using a user agent on a separate device.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 8628 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 8627 RTP Payload Format for Flexible Forward Error Correction
- RFC 8629 Dynamic Link Exchange Protocol Multi-Hop Forwarding Extension
- RFC 8630 Resource Public Key Infrastructure Trust Anchor Locator
- RFC 8625 Ethernet Traffic Parameters with Availability Information
- RFC 8631 Link Relation Types for Web Services
- RFC 8624 Algorithm Implementation Requirements and Usage Guidance for DNSSEC
- RFC 8632 A YANG Data Model for Alarm Management
- RFC 8623 Stateful Path Computation Element Protocol Extensions for Usage with Point-to-Multipoint TE Label Switched Paths