Can't get device code authentication to work #87

Closed
hongooi73 opened this issue Oct 4, 2021 · 4 comments
Labels
bug an unexpected problem or unintended behavior oauth 🔒

Comments

@hongooi73
Contributor

I always leave stacks of issues the first time I use a package, it's nothing personal 😁

I can't seem to get the device code flow to work with Azure. I can authenticate with the authorization code flow, and with the device code flow using my existing AzureAuth code, so I know there's nothing wrong on the AAD side.

library(httr2)

cli_app <- "xxx-xxx-xxx"
scopes <- paste(c("https://management.azure.com/.default", "openid", "offline_access"), collapse=" ")
tenant <- "aicatr"

# token endpoint
token_url <- paste0("https://login.microsoftonline.com/", tenant, ".onmicrosoft.com/oauth2/v2.0/token")

# device code endpoint
dev_url <- paste0("https://login.microsoftonline.com/", tenant, ".onmicrosoft.com/oauth2/v2.0/devicecode")

dev_client <- oauth_client(cli_app, token_url)

dc <- oauth_flow_device(dev_client, auth_url=dev_url, scope=scopes)
# Error: Failed to process response from 'token' endpoint   
# Run `rlang::last_error()` to see where the error occurred.

Is there something wrong in how I'm calling oauth_flow_device?

@hadley
Member

hadley commented Oct 4, 2021

I must've broken something because this code (which definitely worked for me at least once) no longer works:

library(httr2)

client <- oauth_client(
  id = "Iv1.73a8cd0fc360044f",
  secret = obfuscated("G8mAhZD5SVZKf0dEkrTA33xf6ImWrhIfTrRuZzb9JxH87ec8LglCilQGdbonyS1f6oI-ytqxOCk"),
  token_url = "https://github.com/login/oauth/access_token",
  name = "github_app"
)

token <- oauth_flow_device(client, auth_url = "https://github.com/login/device/code")

@hongooi73
Contributor Author

hongooi73 commented Oct 4, 2021

Cool, so I'm not going crazy then!

@josephguillaume

I can confirm the same error too.

It looks like it's because oauth_flow_device_request calls oauth_flow_fetch, which looks for access_token in the response, but of course the device flow only returns verification_uri_complete, not the actual token.
Stepping through oauth_flow_fetch manually shows the verification_uri_complete is there in the response as it should be.

oauth_flow_device_request <- function(client, auth_url, scope, auth_params) {
  req <- request(auth_url)
  req <- req_body_form(req, list2(scope = scope, !!!auth_params))
  req <- oauth_client_req_auth(req, client)
  req <- req_headers(req, Accept = "application/json")
  oauth_flow_fetch(req)
}

httr2/R/oauth-flow.R

Lines 15 to 22 in 87011c0

if (has_name(body, "access_token") && resp_status(resp) == 200) {
  body
} else if (has_name(body, "error")) {
  oauth_flow_abort(body$error, body$error_description, body$error_uri)
} else {
  resp_check_status(resp)
  abort("Failed to process response from 'token' endpoint")
}
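
The split described in the comment above, as an added example that is not httr2's code and not part of the original thread: the device authorization response and the polled token response are validated by separate handlers. The function names are hypothetical, the sample values are constructed, and the required fields and polling error codes are taken from RFC 8628.

```r
# Added example in base R; parse_device_auth() and classify_poll() are
# hypothetical names, not httr2 functions. `body` is the parsed JSON response
# as a named list and `status` is the HTTP status code.
# [[ ]] is used instead of $ so that "error" never partially matches
# "error_description".

# Step 1: the device authorization endpoint returns codes, never a token
# (RFC 8628, section 3.2), so it cannot share the token-response check.
parse_device_auth <- function(body, status) {
  if (!is.null(body[["error"]])) {
    stop("device authorization failed: ", body[["error"]], call. = FALSE)
  }
  required <- c("device_code", "user_code", "verification_uri", "expires_in")
  absent <- setdiff(required, names(body))
  if (status != 200 || length(absent) > 0) {
    stop("malformed device authorization response (status ", status,
         "); missing fields: ", paste(absent, collapse = ", "), call. = FALSE)
  }
  # `interval` is optional; the RFC default is 5 seconds.
  if (is.null(body[["interval"]])) body[["interval"]] <- 5
  body
}

# Step 2: the token endpoint is polled. Two error codes mean "keep waiting"
# (RFC 8628, section 3.5); any other error is terminal.
classify_poll <- function(body, status, interval) {
  if (status == 200 && !is.null(body[["access_token"]])) {
    return(list(state = "done", token = body, interval = interval))
  }
  err <- body[["error"]]
  if (is.null(err)) {
    stop("token response has neither access_token nor error", call. = FALSE)
  }
  if (identical(err, "authorization_pending")) {
    return(list(state = "wait", interval = interval))
  }
  if (identical(err, "slow_down")) {
    # The client must back off by 5 seconds on every slow_down.
    return(list(state = "wait", interval = interval + 5))
  }
  stop("token request failed: ", err, call. = FALSE)
}

# Constructed sample responses (placeholder codes, not real credentials).
dev <- parse_device_auth(
  list(device_code = "DEV-EXAMPLE", user_code = "ABCD-EFGH",
       verification_uri = "https://example.com/device", expires_in = 900),
  status = 200
)
str(classify_poll(list(error = "slow_down"), status = 400, interval = dev$interval))
```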

@hadley hadley added bug an unexpected problem or unintended behavior oauth 🔒 labels Apr 26, 2022
@hadley
Member

hadley commented Apr 28, 2022

It seems like this works once more, possibly due to #109

Reprex with new GitHub app created just for this issue:

library(httr2)

client <- oauth_client(
  id = "c17ad0b8bb2696ee57ab",
  secret = obfuscated("mI4VaghA52WQWeKGDOxqZ_v4sEDuJgRNS0gqSN8irsi8OShWELpfaa13E8ogiQFsZnmXJ80dg6I"),
  token_url = "https://github.com/login/oauth/access_token",
  name = "https://httr2.r-lib.org"
)

token <- oauth_flow_device(client, auth_url = "https://github.com/login/device/code")

@hadley hadley closed this as completed Apr 28, 2022