Device Flow Description
Revision as of 15:25, 19 April 2020 by Pavel.lobko (talk | contribs)
Oauth 2.0 Device flow is the authorization scenario for those devices, that has no ability to display an authorization web page (like IBM i) when making request to resources with limited acces. Such a device should just display provided by authorization server link to an authorization web page.
The flow consists of the following steps:
- i2Rest client sends a request to the authorization server and includes its client identifier in the request.
- The authorization server responds with a device code, an end-user code and the verification URL.
- i2rest client provides end-user with a device code and the verification URL.
- Now it's time end-user to follow provided verification URL on any capable device. After authentification on authorization server end-user will be prompted to grant (or deny) access to the application.
- At the time end-user i2 rest starts polling authorization server.
- The authorization server validates the device code provided by the client and responds with the access token if the client is granted access, an error if they are denied access, or an indication that the client should continue to poll.
Required parameters
| Parameter | Description |
|---|---|
| Authentication method | *OAUTH2C must be specified
|
| Command | Any of available request type can be choosen |
| API endpoint | HTTP resource to serve the request |
| Tokens storage | ??????? |
| User/OAuth2 client/device ID | Client Credentials to authenticate with authorization server |
| User/OAuth2 client/dev passwd | |
| OAuth2 token endpoint | HTTP resource used by the client to abtain an access token |
