OAuth2 & OpenID Connect Deep Dive · Lesson

Device Authorization Grant

Learn the OAuth2 Device Authorization Grant (RFC 8628) used by input-constrained devices such as smart TVs, consoles, and CLI tools to obtain tokens via a secondary device.

Why a Device Grant?

Some clients have no browser or only a limited keypad: smart TVs, media consoles, printers, and CLI tools. The classic Authorization Code Flow assumes a rich browser for the user-agent redirect, which these devices cannot provide.

The Device Authorization Grant (RFC 8628) solves this by letting the user complete authorization on a second device (phone or laptop) while the constrained device polls for the result.

The Two Endpoints

The flow introduces a new device authorization endpoint alongside the standard token endpoint.

  • /device_authorization — the device requests codes here.
  • /token — the device polls here with grant type urn:ietf:params:oauth:grant-type:device_code.

No redirect URI is involved at all.
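The exchange described above, as an added Python example that is not part of the original lesson. It goes beyond the text by handling the polling error codes RFC 8628 defines (authorization_pending, slow_down, access_denied, expired_token) and the 5-second default interval. The `post` transport, `FakeServer`, the `as.example` host, the `tv-app` client id, and all code and token values are hypothetical and constructed so the flow runs offline.

```python
import time

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"

def device_flow(post, base, client_id, sleep=time.sleep, show=print):
    """Run the device grant. `post(url, form) -> dict` is an injected transport (assumption)."""
    # Step 1: the device requests codes from the device authorization endpoint.
    start = post(base + "/device_authorization", {"client_id": client_id})
    show(f"Visit {start['verification_uri']} and enter {start['user_code']}")
    interval = start.get("interval", 5)   # RFC 8628 default when the server omits it
    waited = 0
    # Step 2: poll the token endpoint until the user decides or the code expires.
    while waited < start["expires_in"]:
        sleep(interval)
        waited += interval
        reply = post(base + "/token", {
            "grant_type": DEVICE_GRANT,
            "device_code": start["device_code"],
            "client_id": client_id,
        })
        error = reply.get("error")
        if error is None:
            return reply                  # success: reply carries access_token
        if error == "slow_down":
            interval += 5                 # RFC 8628: add 5 s to every later poll
        elif error != "authorization_pending":
            raise PermissionError(error)  # access_denied, expired_token: stop polling
    raise TimeoutError("device code expired before approval")

class FakeServer:
    """Constructed stand-in for an authorization server (sample data only)."""
    def __init__(self, script):
        self.script = list(script)        # token-endpoint replies, served in order
        self.requests = []
    def __call__(self, url, form):
        self.requests.append((url, form))
        if url.endswith("/device_authorization"):
            return {"device_code": "dc-constructed", "user_code": "ABCD-EFGH",
                    "verification_uri": "https://as.example/device",
                    "expires_in": 600, "interval": 5}
        return self.script.pop(0)

def demo():
    server = FakeServer([{"error": "authorization_pending"}, {"error": "slow_down"},
                         {"access_token": "at-constructed", "token_type": "Bearer"}])
    sleeps = []                           # record waits instead of really sleeping
    token = device_flow(server, "https://as.example", "tv-app",
                        sleep=sleeps.append, show=lambda msg: None)
    return token, sleeps, server.requests
```

Note that no request in the recorded exchange carries a redirect URI; the device code alone ties the polling device to the approval given on the second device.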
