You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There may be use cases where you need to bail out of our oauth login flow but want to complete a device grant flow later.
Solution
New APIs
POST /oauth2/device/complete - complete a device grant
Authorize: API key (optionally add a JWT to omit the post body)
userId=userId
POST /oauth2/device/introspect - Validate a user_code
parameters: user_code
result: ok, if an IdP link is present, return enough data to display to a user or complete a link manually
Workflow
Workflow A
Start a device grant with an IdP link
Enter code on a FusionAuth page and bail sometime before completing login which means no auth code was generated.
Complete device code grant with a new API which will complete the IdP link associated with a user_code
Workflow B
Start a device grant with an IdP link
Enter code on a FusionAuth page and bail sometime before completing login which means no auth code was generated.
Complete the IdP link using an API, this links the IdP to the user
Complete device code grant, the link is already completed from the prior step, it should not error, and complete normally.
Workflow C
Start a device grant with an IdP link
Collect the code on your own page, not using a themed FusionAuth page
Validate the user_code with the existing API /oauth2/device/validate, or call a new API /oauth2/device/introspect to validate and get information about the user_code such as if there is a device link associated with it, the type, id, name, and user display name from the pending link..
Begin an Auth code grant with the collected user_code
Allow Device Grant to be completed out of band
Description
There may be use cases where you need to bail out of our oauth login flow but want to complete a device grant flow later.
Solution
New APIs
POST /oauth2/device/complete
- complete a device grantuserId=userId
POST /oauth2/device/introspect
- Validate auser_code
user_code
Workflow
Workflow A
user_code
Workflow B
Workflow C
user_code
with the existing API/oauth2/device/validate
, or call a new API/oauth2/device/introspect
to validate and get information about theuser_code
such as if there is a device link associated with it, the type, id, name, and user display name from the pending link..user_code
Related
Documentation
/oauth2/device/user-code
/oauth2/device/approve
/oauth2/introspect
deviceInfo.device.type
is no longer an enum/api/identity-provider/link/pending
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
The text was updated successfully, but these errors were encountered: