Describe the feature
In the latest spec there is a device code grant type https://www.oauth.com/oauth2-servers/device-flow/token-request/
This is useful for authenticating embedded devices. Right now this library lacks this feature.
jcampbell05
All 14 comments
The Spec is still in draft https://tools.ietf.org/html/draft-ietf-oauth-device-flow-13, but it will be great if anyone start to implement it in oauthlib. PRs are welcomed
JonathanHuot
on 13 Dec 2018
@JonathanHuot is there a good documentation on where contributors can begin to add this feature ?
jcampbell05
on 19 Dec 2018
You can ask on our Gitter channel.
thedrow
on 19 Dec 2018
As thedrow mention it, we're very reactive in Gitter. You can also have a look on the other grants and see how they are currently implemented. Also note that we are differenting the _client_ code from the _server_ code, but we have sometime common code to both client and server.
If you are looking into the client part, ideally, you should also propose a PR to requests-oauthlib which is the main "client" downstream of oauthlib.
You can also have a look on our Contributing page https://oauthlib.readthedocs.io/en/latest/contributing.html for more generic stuff.
JonathanHuot
on 19 Dec 2018
I'm more interested in the server side as I need to implement this for a project I'm working on. Atm I've done it using my custom code but I very much want to do it the correct way.
Will jump on gitter to discuss :)
jcampbell05
on 21 Dec 2018
I cant help but feel like leaving the client side out is a bad idea.
duaneking
on 24 Jan 2019
I can build the client side but the device code server itself is still alot a work
jcampbell05
on 25 Jan 2019
I'm just thinking of the architecture needed for this in the context of the VERY needed JWT support.
duaneking
on 25 Jan 2019
@duaneking do we have an open issue for that change maybe we can discuss it ? I can pause this work until that change has happened.
jcampbell05
on 28 Jan 2019
@duaneking, full JWT support may have architecture changes but it should not prevent @jcampbell05 of completing his work. The Device Flow has nothing to do with JWT and should not be conflicting with the JWT new architecture.
_EDIT:_ If JWT new architecture implies a lot of refactoring, I'll prefer completing this DeviceFlow and doing the JWT refactoring once DeviceFlow done. Only because no one has started this refactoring discussion and it is far from being completed than the DeviceFlow.
About client's side, if it's implemented during the first PR, that's would be great I confess. Also, it helps to test the Device Flow implementation itself.
JonathanHuot
on 28 Jan 2019
@JonathanHuot so I've been thinking about the client I'm basically writing my own client to test it anyways, so I guess it won't hurt to implement in this library either.
jcampbell05
on 28 Jan 2019
My biggest push back was on having features be half done; If you are adding a client then that resolves this. Thank You.
duaneking
on 29 Jan 2019
I don't have bandwidth to finish this right now - so hopefully someone can pick this up or perhaps I can resume later on
jcampbell05
on 22 Apr 2020
No more in draft https://tools.ietf.org/html/rfc8628
wiliamsouza
on 31 May 2020
Related issues
ryarnyah
·
3Comments
JonathanHuot
·
15Comments
thedrow
·
31Comments
ggiill
·
7Comments
ViktorHaag
·
11Comments
Most helpful comment
@JonathanHuot so I've been thinking about the client I'm basically writing my own client to test it anyways, so I guess it won't hurt to implement in this library either.