This PR implements the device grant authorization flow (as described in the RFC 8628). Although this flow is designed for devices that either lack a browser to perform a user-agent-based authorization or are input constrained, it is also very useful for applications not allowed to start their own webserver (loopback URL) or register a custom URL scheme to finish the authorization code grant flow.
We've been using this implementation for several months (from our private fork) without any issues.
This PR implements the device grant authorization flow (as described in the RFC 8628). Although this flow is designed for devices that either lack a browser to perform a user-agent-based authorization or are input constrained, it is also very useful for applications not allowed to start their own webserver (loopback URL) or register a custom URL scheme to finish the authorization code grant flow.
We've been using this implementation for several months (from our private fork) without any issues.