Skip to content

Endpoints device authorization endpoint

Jump to bottom
Madhumita Subramaniam edited this page Nov 18, 2022 · 8 revisions

Device Authorization endpoint

The URI to invoke the Device Authorization Endpoint in Janssen Auth Server can be found by checking the introspection_endpoint claim of the OpenID Connect configuration response, typically deployed at https://<my.jans.server>/.well-known/openid-configuration

"device_authorization_endpoint" : "https://<my.jans.server>/jans-auth/restv1/device_authorization"

Device

The Device Authorization Grant defined by RFC 8628

sequenceDiagram
autonumber 1
    title Oauth2.0 Device Authorization flow

    participant User
    participant Browser on Computer / Smartphone
    participant Device App
    participant Jans AS
    participant Third Party App

    User->>Device App:Opens an app on device
    Device App->>Jans AS:Sends authorization request \n"jans-server.com/jans-auth/restv1/device_authorization"
    Jans AS->>Device App:Response - \nuser_code, device_code, verification_url, interval, expiration
    Device App ->>User: Instructs the user to access Verification URL \nand enter user_code
    note over Device App:Device App will keep polling AS for Access Token \nuntil device authorization is completed
    loop till Device App recieves Access Token:
    Device App->>Jans AS:request Access Token
    Jans AS->>Device App:Response - \naccess_denied \nOR expired_token \nOR authorization_pending \nOR Access token
    end 
    User->>Browser on Computer / Smartphone:Opens a browser \nand access verification URL
    Browser on Computer / Smartphone->>Jans AS:send user_code to verification URL
    Jans AS -->> Browser on Computer / Smartphone :Login and authorization prompt
    Browser on Computer / Smartphone->>Jans AS:Authentication and consent
    Jans AS->>Jans AS: Mark device as Authorized
    note over Jans AS:Subsequent polling by the Device App \nwill return an Access Token as indicated \nby the loop above
    Device App->>Third Party App:Invoke API with Access Token
    Third Party App->>Device App: return Response
Loading

admin/auth-server/oauth-features/device-grant.md

Clone this wiki locally