Hi,
Thanks very much for sharing this code. We found it from the links at https://oauth.net/2/device-flow/. It's very helpful for us on the https://www.cilogon.org/ project.
I wonder if you can provide some advice/guidance for us related to discovery metadata. My apologies if this isn't the right place to ask.
The situation arises if (for example) we have an issuer of https://example.com with metadata at https://example.com/.well-known/oauth-authorization-server containing:
```json
{
  "issuer": "https://example.com",
  "authorization_endpoint": "https://example.com/oauth2/authorize",
  "token_endpoint": "https://example.com/oauth2/token",
  "token_endpoint_auth_methods_supported": ["client_secret_basic"],
  "response_types_supported": ["code"],
  "grant_types_supported": ["authorization_code"]
}
```
Then we configure the Device-Flow-Proxy-Server with:
```
BASE_URL=https://oauth-device-flow-demo.herokuapp.com
AUTHORIZATION_ENDPOINT=https://example.com/oauth2/authorize
TOKEN_ENDPOINT=https://example.com/oauth2/token
```
So we modify our metadata according to https://tools.ietf.org/html/rfc8628#section-4 as follows:
```json
{
  "issuer": "https://example.com",
  "authorization_endpoint": "https://example.com/oauth2/authorize",
  "device_authorization_endpoint": "https://oauth-device-flow-demo.herokuapp.com/device/code",
  "token_endpoint": "https://example.com/oauth2/token",
  "token_endpoint_auth_methods_supported": ["client_secret_basic"],
  "response_types_supported": ["code"],
  "grant_types_supported": ["authorization_code", "urn:ietf:params:oauth:grant-type:device_code"]
}
```
It almost works, except after the client gets the device_code from https://oauth-device-flow-demo.herokuapp.com/device/code it sends it to https://example.com/oauth2/token instead of https://oauth-device-flow-demo.herokuapp.com/device/token. We need something like

```json
"device_token_endpoint": "https://oauth-device-flow-demo.herokuapp.com/device/token"
```

in our metadata, but https://tools.ietf.org/html/rfc8628#section-4 doesn't give us that option. And since the Device-Flow-Proxy-Server doesn't change the issuer, https://tools.ietf.org/html/rfc8414#section-3 doesn't seem to give us the option of hosting metadata for it at a different location, unless we follow the "application-specific" method.
Am I missing something? Thanks in advance for any advice/guidance you can give.
-Jim
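
The client behaviour described in the issue above, as an added example (not code from the issue or from Device-Flow-Proxy-Server): a metadata-driven client takes the device authorization URL from `device_authorization_endpoint` but, per RFC 8628, sends the polling request to the ordinary `token_endpoint`. The names `plan_device_flow` and `origin`, the `client_id` value and the device code placeholder are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"

# Constructed sample: the modified metadata quoted in the issue above.
METADATA = {
    "issuer": "https://example.com",
    "authorization_endpoint": "https://example.com/oauth2/authorize",
    "device_authorization_endpoint": "https://oauth-device-flow-demo.herokuapp.com/device/code",
    "token_endpoint": "https://example.com/oauth2/token",
    "grant_types_supported": ["authorization_code", DEVICE_GRANT],
}


def origin(url):
    """Return (scheme, host, port) so two endpoints can be compared."""
    parts = urlsplit(url)
    default = {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, parts.hostname, parts.port or default)


def plan_device_flow(metadata, client_id, device_code="DEVICE_CODE_PLACEHOLDER"):
    """Resolve the two requests a metadata-driven device-flow client sends."""
    # RFC 8628 adds only device_authorization_endpoint to the metadata;
    # the device_code is redeemed at the existing token_endpoint.
    if DEVICE_GRANT not in metadata.get("grant_types_supported", []):
        raise ValueError("device_code grant not advertised")
    device_url = metadata["device_authorization_endpoint"]
    token_url = metadata["token_endpoint"]
    return {
        "device_request": ("POST", device_url, {"client_id": client_id}),
        "token_request": ("POST", token_url, {
            "grant_type": DEVICE_GRANT,
            "device_code": device_code,
            "client_id": client_id,
        }),
        # True when the code is issued by one server and redeemed at another,
        # which is the situation described in the issue.
        "split_origin": origin(device_url) != origin(token_url),
    }


if __name__ == "__main__":
    plan = plan_device_flow(METADATA, client_id="example-client")  # hypothetical client_id
    for name in ("device_request", "token_request"):
        print(name, "->", plan[name][1])
    print("split_origin:", plan["split_origin"])
```

A `split_origin` of `True` flags metadata in which the server that issues the device code is not the server the client will poll.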