The OAuth 2.0 “Device Flow” extension enables OAuth on devices that have an Internet connection but don’t have a browser or an easy way to enter text. If you’ve ever signed in to your YouTube account on a device such as the Apple TV, you’ve encountered this workflow already. Google was involved in the development of this extension, and has been an early implementer of it in production as well.
This flow is also seen on devices such as smart TVs, media consoles, picture frames, printers, or hardware video encoders. In this flow, the device instructs the user to open a URL on a secondary device such as a smartphone or computer in order to complete the authorization. There is no communication channel required between the user’s two devices.
- User Flow
- Authorization Request
- Token Request
- Authorization Server Requirements
- Security Considerations