I am currently implementing an OAuth 2.0 provider and I wish to support devices with no browser support like consoles and TVs! I took as example the YouTube pair for my smart TV, which generated the 8 letters code PJGV-SJBQ! How and where (server or device) this code is generated and how to guarantee it is unique?! I meant: at server I think that code is searched and to the logged user the device permission is granted, right?!
Asked
Active
Viewed 51 times
0
1 Answers
1
In the RFC6749, there is no grant type flow for such devices. You have to create a custom grant type flow. Look at this flow described for Google API: https://developers.google.com/accounts/docs/OAuth2#device
I hope it will help you.
Spomky-Labs
- 15,473
- 5
- 40
- 64