Difference between revisions of "Device flow description"
Pavel.lobko (talk | contribs) |
Pavel.lobko (talk | contribs) |
||
| Line 1: | Line 1: | ||
{{DISPLAYTITLE:Device Flow Description}} | {{DISPLAYTITLE:Device Flow Description}} | ||
| − | Oauth 2.0 Device flow is the authorization scenario for those devices, that has no ability to display an authorization web page (like IBM i) when making request to private data on resources with limited | + | Oauth 2.0 Device flow is the authorization scenario for those devices, that has no ability to display an authorization web page (like IBM i) when making request to private data on resources with limited access. Such a device should just display provided by authorization server link to an authorization web page. <br> |
[[File:Device-flow-scheme1.png|400px]] | [[File:Device-flow-scheme1.png|400px]] | ||
<br> | <br> | ||
Revision as of 11:10, 20 April 2020
Oauth 2.0 Device flow is the authorization scenario for those devices, that has no ability to display an authorization web page (like IBM i) when making request to private data on resources with limited access. Such a device should just display provided by authorization server link to an authorization web page.
The flow consists of the following steps:
- i2Rest client sends a request to the authorization server and includes its client identifier in the request.
- The authorization server responds with a device code, an end-user code and the verification URL.
- i2rest client provides end-user with a device code and the verification URL.
- Now it's time end-user to follow provided verification URL on any capable device. After authentification on authorization server end-user will be prompted to grant (or deny) access to the application. whether they are willing to grant one or more permissions that your application is requesting
- At the time end-user i2 rest starts polling authorization server.
- The authorization server validates the device code provided by the client and responds with the access token if the client is granted access, an error if they are denied access, or an indication that the client should continue to poll.
Required parameters
| Parameter | Description |
|---|---|
| Authentication method | *OAUTH2C must be specified
|
| Command | Any of available request type can be choosen |
| API endpoint | HTTP resource to serve the request |
| Tokens storage | ??????? |
| User/OAuth2 client/device ID | Client Credentials to authenticate with authorization server |
| User/OAuth2 client/dev passwd | |
| OAuth2 token endpoint | HTTP resource used by the client to abtain an access token |
| Scope | the set of resources and operations that are allowed to application with access token |
scope controls the set of resources and operations that an access token permits
