laravel / passport

Laravel Passport provides OAuth2 server support to Laravel.
https://laravel.com/docs/passport
MIT License

Support for OAuth Device Flow #903

Closed lipkau closed 4 years ago

lipkau commented 5 years ago

Hi there.

I am working on a project in which I want to pair a piece of hardware to the user account. I am a fan of how other projects (YouTube, Apple TV, etc.) do it: with OAuth Device Flow. https://tools.ietf.org/html/draft-ietf-oauth-device-flow-13

Any chance Passport supports (or can support) this flow? When testing the APIs with these instructions, I get

```json
{
    "error": "unsupported_grant_type",
    "message": "The authorization grant type is not supported by the authorization server.",
    "hint": "Check that all required parameters have been provided"
}
```

Sephster commented 5 years ago

It's not supported at present. There is an old request to add this to OAuth2-Server though. I will pick this up in a week's time and add it in. I've tagged it for the version 8 branch but hopefully it can be added to version 7 if there are no BC breaks.

I plan on adding a lot of features during the Christmas break, time permitting.

lipkau commented 5 years ago

awesome! thx

driesvints commented 5 years ago

I'll mark this as an enhancement we might consider once OAuth2-Server has added support :)

lchhieu commented 5 years ago

I get the same error. How to fix it?

lipkau commented 5 years ago

@Sephster : any news on this?

Sephster commented 5 years ago

I started on this over Christmas and it is about 50% done. Need to pick it up again soon. No definite date on when this will be released though as my time has been stretched more than I thought.

The main issue I'm contending with at the moment is how to implement the view. I am leaning towards not implementing one and letting the implementers decide how this is created. This will require good guidance in the docs and also updates to the examples so it is a bigger job than I initially anticipated.

lipkau commented 5 years ago

no problem. was just curious. Will you update / link this issue when you have updates? or should I subscribe to another issue?

Sephster commented 5 years ago

This was the original PR in the league's repo https://github.com/thephpleague/oauth2-server/issues/626. I will likely update this one as well though

almas1992 commented 5 years ago

> This was the original PR in the league's repo thephpleague/oauth2-server#626. I will likely update this one as well though

Has there been any progress on that front?

mastacheata commented 5 years ago

@Sephster
I think you have an off-by-one error in the first and last digit of the issue number. ;)

This issue is referring to the Out-of-bounds device flow / device grant used on stuff like TVs, STBs, Home Stereos and Car Infotainment devices etc that don't have a browser or a comfortable user input. While that is implemented on many devices, it is not yet an internet standard, but still in the draft phase. (See: https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15 for the current draft specification as of July 2019)

The issue you mentioned on the oauth2-server is about the dynamic registration stuff and has a separate issue on Passport in #804

yovchev commented 4 years ago

Hi @Sephster, I have a working example with laravel/passport that implements the device flow using this fork, device-flow-grant, which expands on the work that you have already done with @lucadegasperi. You can see it here: yovchev/passport

I have the full device flow cycle using POST requests (all requests and responses, including errors, are as per the RFC 8628 spec)

And also I have implemented a widget for laravel passport for visual device code activation

I'm going to be setting up a pull request for laravel passport in the next few days, so please let me know if I can do anything to speed up the pull request on thephpleague/oauth2-server

@driesvints can you suggest where to do the pull request on laravel against master?

Also, it would be great if some of you guys want to help push this out, as I don't have much time on my hands and there is some cleaning to be done and tests to be written.
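Added example, not part of the thread and not Passport's or oauth2-server's code: a device-side polling loop for the RFC 8628 token request, showing how a client handles `authorization_pending`, `slow_down` and terminal errors such as the `unsupported_grant_type` response quoted at the top of this issue. The `post` transport, the `scripted_server` helper and the token value are hypothetical and constructed so the block runs offline.

```python
import time

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628, section 3.4


class DeviceFlowError(Exception):
    """Terminal failure; .code holds the OAuth error string from the server."""
    def __init__(self, code):
        super().__init__(code)
        self.code = code


def poll_for_token(post, device_code, client_id, expires_in, interval=5,
                   sleep=time.sleep, clock=time.monotonic):
    """Poll until the user approves, denies, or the device code expires.

    `post` is an injected callable(form_dict) -> parsed JSON body (assumption:
    the real transport is an HTTPS POST to the server's token endpoint).
    """
    deadline = clock() + expires_in
    form = {"grant_type": DEVICE_GRANT, "device_code": device_code,
            "client_id": client_id}
    while True:
        sleep(interval)                    # never poll faster than the server allows
        if clock() >= deadline:            # stop locally once the code has expired
            raise DeviceFlowError("expired_token")
        body = post(form)
        error = body.get("error")
        if error is None:
            return body                    # success: body carries the access token
        if error == "authorization_pending":
            continue                       # user has not finished approving yet
        if error == "slow_down":
            interval += 5                  # RFC 8628: add 5 s for all later polls
            continue
        raise DeviceFlowError(error)       # access_denied, unsupported_grant_type, ...


def scripted_server(responses):
    """Constructed stand-in for a token endpoint: replays canned bodies in order."""
    queue, seen = list(responses), []
    def post(form):
        seen.append(dict(form))
        return queue.pop(0)
    return post, seen


if __name__ == "__main__":
    post, _ = scripted_server([{"error": "authorization_pending"},
                               {"access_token": "constructed-token"}])
    print(poll_for_token(post, "dc", "client", 600, sleep=lambda s: None))
```
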

driesvints commented 4 years ago

Hey @yovchev. First of all: thanks for all your work on this 👍

I think it's best that we wait until oauth2-server has merged that open pr first and tagged a new release.

The pull request for passport will depend on whether your PR introduces any breaking changes. If there are, it's probably best sent to master. If not, it can be sent to the current stable release branch.

I don't have much time myself at this point to help out I'm afraid, sorry.

darrencoutts118 commented 4 years ago

@yovchev - Have you submitted a PR to oauth2-server? I'm interested in seeing this making it into production

martinbean commented 4 years ago

Did this go anywhere? I’ll be embarking on a Roku app soon and will need to use this to authenticate users against my Laravel-based app.

driesvints commented 4 years ago

The issue on OAuth Server 2 is still open so I don't think so, no. https://github.com/thephpleague/oauth2-server/issues/626

Sephster commented 4 years ago

Yeah the development is done but needs some testing. I am working on this but progress is slow

driesvints commented 4 years ago

Thanks for your work @Sephster 👍

driesvints commented 4 years ago

Gonna close this for now until it's landed in OAuth2 Server. Thanks.

plunkettscott commented 5 months ago

@driesvints can this be reopened now that OAuth Server 9.x has been released with the device grant included?

https://github.com/thephpleague/oauth2-server/releases/tag/9.0.0

driesvints commented 5 months ago

Not re-opened, but as said in https://github.com/laravel/passport/pull/1734 we're now accepting PRs to 13.x for the device flow. I believe @hafezdivandari will work on this.

hafezdivandari commented 5 months ago

I'll send a PR for this after #1744 is merged. The client model needed some refactoring after all these years, and adding more client grant types without polishing the current code isn't a good idea IMO.