The oauth_device_code_grant feature implements the Device Code Grant.
Authorization servers authorizing grants for devices which are internet-enabled but don’t have a browser (i.e. TVs).
plugin :rodauth do
enable :oauth_device_code_grant
end
The following URLs are made available.
Generates the authorization grant with device code, user code and verification uris.
client_id: the client application ID (required if the request can’t be authenticated);scopes: which permissions the request is for;Displays and allows the submission of a form for authenticated users, where they can submit user codes for grants.
When receiving the "grant_type" parameter with "urn:ietf:params:oauth:grant-type:device_code" (and the device_code and client_id if request not authenticated), it can be polled until it returns the access token, as per the RFC.