Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorize code - step by step to display the device code #17

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Authorize code - step by step to display the device code #17

wants to merge 1 commit into from

Conversation

MSchmack
Copy link

@MSchmack MSchmack commented May 9, 2022
edited

In the authorize code method the identification & authorization is completed in one step which does not allow displaying the device code. Without the device code the user can not verify if the authentication is as intended (UX Issue).
This commit creates two methods that split the authorizeCode method in two. This allows first getting the response with the device code and then going for the authentication afterwards.

Example usage

                 final codeResponse =
                        await OpenIdConnect.authorizeDeviceGetDeviceCodeResponse(request: request);

                   // dsplay the user device code
                    setState(() {
                      deviceIdentification = codeResponse.userCode;
                    });

                    final response =
                        await OpenIdConnect.authorizeDeviceCompleteDeviceCodeResponseRequest(
                      request: request,
                      codeResponse: codeResponse,
                    );

example_zszdgAPUu5

Names could probably be chosen better :-)

@MSchmack
Authorize code - step by step to display the device code
f237fa5 
In the authorize code method the identification & authorization is completed in one step which does not allow displaying the device code. Without the device code the user can not verify if the authentication is as intended (UX Issue).
This commit creates two methods that split the authorize code in two. This allows first getting the response with the device code and then going for the authentication afterwards.

                 final codeResponse =
                        await OpenIdConnect.authorizeDeviceGetDeviceCodeResponse(request: request);
                    setState(() {
                      deviceIdentification = codeResponse.userCode;
                    });

                    final response =
                        await OpenIdConnect.authorizeDeviceCompleteDeviceCodeResponseRequest(
                      request: request,
                      codeResponse: codeResponse,
                    );
@jhancock4d
Copy link
Contributor

Both methods are valid. If the device code is pre-passed it's supposed to work like Microsoft device code authentication and thus not show it and just confirm the request.

But agreed that if the device code is not passed it should show it. Could you update your PR to support both approaches?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@MSchmack @jhancock4d