For OAuth2 device flow, should we define a "device authorization" element? #953

mmccool · 2020-08-17T12:18:38Z

See editor's note in text about this.
Also, might want to use deviceAuthorization instead of device_authorization if we do do it, for consistency.

farshidtz · 2020-08-18T17:55:21Z

This is a blocker for #929

mmccool · 2021-11-29T13:25:55Z

Discussed in security call Nov 29, 2021:

Current text uses the value of "authorization" for the "device authorization" endpoint
Adding a "device{_a,A}uthorization endpoint would require some additional rules about how that must be used for device flows and authorization must not, which would need extra validation and testing
Consensus: leave the design as it is (use "authorization" for "device authorization" and delete the editor's note (requires PR).

mmccool · 2021-11-29T13:26:15Z

@mmccool: make a PR to delete the ed note

egekorkan · 2022-06-15T15:37:28Z

Call of 15.06: This is solved by using authorization

mmccool added Security FPWD 1.1 labels Aug 17, 2020

mmccool assigned farshidtz and mmccool Aug 17, 2020

egekorkan added the V1.1 should be resolved in v1.1 label Oct 26, 2021

mmccool added the PR needed label Nov 29, 2021

egekorkan closed this as completed Jun 15, 2022

Provide feedback