Skip to content

Device Authorization Grant support #763

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Device Authorization Grant support #763

wants to merge 3 commits into from

Conversation

@solevic
Copy link

@solevic solevic commented Nov 12, 2021
edited
Loading

Checklist

  • I read the Contribution Guidelines
  • I signed the CLA and WG Agreements
  • I ran, updated and added unit tests as necessary.
  • I verified the contribution matches existing coding style.
  • I updated the documentation if necessary.

Motivation and Context

As described in issue #675, AppAuth-Android does not currently support authentication for Android devices that either lack a browser or have limited input capabilities to fully perform the traditional authentication flow. Adding support of the extension Device Authorization Grant as described in RFC 8628 would allow such devices to obtain tokens from the authorization server with the help of a secondary device with browser and common input capabilities.

Description

The implementation follows the Device Authorization Grant - RFC 8628 and exposes the following:

  • A DeviceAuthorizationRequest with its associated DeviceAuthorizationResponse
  • The additional grant type urn:ietf:params:oauth:grant-type:device_code in the TokenRequest Builder
  • Methods to perform the device authorization and token polling in the AuthorizationService
  • Helper methods in AuthState to properly handle the new authorization states

As of today, there is no proper way for the user to sign off from devices without a browser, as this would require the extension Token Revocation - RFC 7009 that I would gladly implement after this one.

@caspernpo
Copy link

caspernpo commented Sep 28, 2022

Just wondering, is there any progress on this PR?

@Arifin-pixel
Copy link

Arifin-pixel commented Oct 12, 2022

tes h&h ArFN Deso
_github-pages-challenge-Arifin-pixel
code
43b6a478fba98c2ae1ab7a1fc08832

@davidngoshadow
Copy link

davidngoshadow commented Nov 6, 2023

Is there any update about this PR ?

@maxrimmer
Copy link

maxrimmer commented Dec 15, 2023

Any news on this?

@agologan agologan mentioned this pull request Jan 31, 2024
Open
@ColinFrick ColinFrick mentioned this pull request Feb 22, 2024
Draft
2 tasks
@TheNetStriker
Copy link

TheNetStriker commented Sep 18, 2024

I've just tested this and it works.

I only found a typo in the readme:

authService.performTokenPollRequestRequest has to times Request at the end, it should be
authService.performTokenPollRequest

Any update when this will be implemented?

@abdulazizumarovich
Copy link

abdulazizumarovich commented Mar 15, 2025

Nice work.
We ended up waiting and implemented this PR in our application. Working just fine. There are some changes though: fixing bugs, implementation in a sample. I am not really sure if I should open another PR. So just mentioning it

@Dunedubby
Copy link

Dunedubby commented Sep 5, 2025

@blundell is there anything we can do to help make this merge happen?

@blundell
Copy link
Collaborator

blundell commented Sep 15, 2025

@blundell is there anything we can do to help make this merge happen?

I could merge it, but I don't have the authority or admin to make a release sorry. I am not sure who has either

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@solevic @caspernpo @Arifin-pixel @davidngoshadow @maxrimmer @TheNetStriker @abdulazizumarovich @Dunedubby @blundell