Device Authorization Grant
The device authorization grant is an OAuth 2.0 flow that lets input-constrained devices, such as smart TVs and IoT hardware, obtain a user's authorization by displaying a short code that the user enters on a separate device with a browser.
Also: device flow, device code
The device authorization grant is an OAuth 2.0 flow for devices that lack a full browser or convenient text input. Smart TVs, streaming sticks, game consoles, and CLI tools are common examples. When the user wants to sign in, the device requests a device code and a user code from the authorization server. It then displays the user code along with a verification URL.
The user opens that URL on a phone or laptop, enters the code, and completes authentication in a standard browser flow. Meanwhile, the device polls the authorization server until the user finishes. Once approved, the device receives an access token and, optionally, a refresh token.
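The exchange described above, simulated end to end as an added example (this is not code from the glossary page or from any identity provider). It follows the RFC 8628 message shapes: the device asks for a `device_code` and a `user_code`, the user approves at the verification URI, and the device polls the token endpoint with the `urn:ietf:params:oauth:grant-type:device_code` grant until it gets tokens or one of the standard errors (`authorization_pending`, `slow_down`, `expired_token`, `access_denied`). The class and function names, the verification URI, the attempt limit on the verification endpoint and the fake clock are all assumptions made so that it runs offline and deterministically.

```python
"""RFC 8628 device authorization grant simulated end to end.  Added example, not the
glossary's or any provider's code: endpoint paths, URIs and all names are assumed."""
import re
import secrets

# RFC 8628 suggests a user-code alphabet without look-alike characters; this
# constructed 20-consonant alphabet gives 20**8 possible eight-letter codes.
USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"


def normalize_user_code(code):      # users mistype hyphens, spaces and case
    return re.sub(r"[^A-Z]", "", code.upper())


class AuthorizationServer:
    """Minimal in-memory authorization server (example-only, assumed design)."""
    def __init__(self, now, expires_in=600, interval=5):
        self.now = now                      # clock callable, injected for testing
        self.expires_in, self.interval = expires_in, interval
        self.sessions, self.by_user_code = {}, {}   # keyed by device_code / user_code
        self.verify_attempts = 0

    def device_authorization(self, client_id):
        """POST /device_authorization: issue both codes to the device."""
        device_code = secrets.token_urlsafe(32)   # high entropy, never shown to the user
        user_code = "-".join("".join(secrets.choice(USER_CODE_ALPHABET)
                                     for _ in range(4)) for _ in range(2))
        self.sessions[device_code] = {"client_id": client_id, "status": "pending",
                                      "last_poll": None, "expires_at": self.now() + self.expires_in}
        self.by_user_code[normalize_user_code(user_code)] = device_code
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://as.example.test/device",   # assumed URI
                "expires_in": self.expires_in, "interval": self.interval}

    def verify(self, user_code, approved=True):
        """Browser side at verification_uri, after the user has authenticated."""
        self.verify_attempts += 1
        if self.verify_attempts > 10:       # user codes are short, so guesses must be throttled
            return {"error": "too_many_attempts"}
        device_code = self.by_user_code.get(normalize_user_code(user_code))
        if device_code is None:
            return {"error": "invalid_user_code"}
        self.sessions[device_code]["status"] = "approved" if approved else "denied"
        return {"ok": True}

    def token(self, grant_type, device_code, client_id):
        """POST /token: the device polls here with its device_code."""
        session = self.sessions.get(device_code)
        if grant_type != DEVICE_GRANT or session is None or session["client_id"] != client_id:
            return {"error": "invalid_grant"}
        now = self.now()
        if now >= session["expires_at"]:
            return {"error": "expired_token"}
        last, session["last_poll"] = session["last_poll"], now
        if last is not None and now - last < self.interval:
            return {"error": "slow_down"}   # device must add 5 s to its interval
        if session["status"] == "pending":
            return {"error": "authorization_pending"}
        if session["status"] == "denied":
            return {"error": "access_denied"}
        del self.sessions[device_code]      # a device_code is redeemable once
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": 3600, "refresh_token": secrets.token_urlsafe(32)}


class FakeClock:
    """Constructed clock: sleeping advances time and runs scheduled user actions."""
    def __init__(self):
        self.t, self.events = 0.0, []

    def now(self):
        return self.t

    def schedule(self, at, fn):
        self.events.append((at, fn))

    def sleep(self, seconds):
        self.t += seconds
        due = [e for e in self.events if e[0] <= self.t]
        self.events = [e for e in self.events if e[0] > self.t]
        for _, fn in sorted(due, key=lambda e: e[0]):
            fn()


def device_login(server, client_id, clock, on_prompt):
    """Device side: request codes, display them, then poll until a final answer."""
    grant = server.device_authorization(client_id)
    on_prompt(grant["user_code"], grant["verification_uri"])
    interval, polls = grant["interval"], 0
    while True:
        polls += 1
        result = server.token(DEVICE_GRANT, grant["device_code"], client_id)
        if "access_token" in result:
            return {"tokens": result, "polls": polls}
        if result["error"] == "slow_down":
            interval += 5                   # RFC 8628 section 3.5
        elif result["error"] != "authorization_pending":
            return {"error": result["error"], "polls": polls}
        clock.sleep(interval)
```

To run the happy path, construct `clock = FakeClock()` and `server = AuthorizationServer(clock.now)`, then call `device_login(server, "tv-app", clock, on_prompt)` with an `on_prompt` that schedules `server.verify(code)` a few seconds into the future; the device reports `authorization_pending` on each poll until the scheduled approval fires, then receives the tokens on the next poll. Two design points carry over to real deployments: the `device_code` is the secret that redeems the grant and is never shown to the user, while the `user_code` is deliberately short and therefore must be protected by throttling and expiry on the verification endpoint rather than by entropy.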
For CIAM, the device authorization grant extends customer login to screens and hardware that cannot host a traditional redirect flow, broadening the reach of a single identity platform across all touchpoints.
Sources
- IETF RFC 8628, OAuth 2.0 Device Authorization Grant: https://datatracker.ietf.org/doc/html/rfc8628
Standards
- IETF RFC 8628