With Device Flow, end users can authorize browserless or input constrained devices to access APIs. So long as your target devices have an internet connection, our secure OAuth 2.0 authorization flow can simplify input.
Picture yourself sitting in front of your Smart TV and trying to login into your favorite streaming app. A typical consumer would use a handheld remote and the onscreen keyboard to enter their credentials, which could be an extremely frustrating experience! This is what is meant by input-constrained; the device does not have a traditional or easy-to-use input mechanism like a full keyboard and a browser.
Device flow follows a simple 2-step process to authenticate the user into the app.
Using Device Flow, the end-user authorizes the device via a secure browser-based flow on a secondary device such as a mobile phone or computer without having to enter credentials directly into the input-constrained device.
Device Flow provides a secure and easy authorization method using a simple 2 step process:
Step 1: Generate the URL and/or code on the smart TV app.
Step 2: Use your laptop or smartphone (a secondary device) to complete the authentication process.
Device flow delivers a great solution for the media streaming app use case, but what about consumer IoT devices or sensor hubs that do not have a display? Constrained IoT Devices can possibly work with device flow as long as they are connected via a network to a smart controller/hub that has a display which can present the authorization code and URL to the user.