3. Protocol
This section defines the core flows of the OAuth 2.0 Device Authorization Grant protocol, including device authorization requests, responses, user interaction, and token acquisition.
Section Navigation
- 3.1. Device Authorization Request: How device clients initiate authorization requests to the authorization server
- 3.2. Device Authorization Response: Verification codes and URIs returned by the authorization server
- 3.3. User Interaction: Authorization flow on the user's secondary device
- 3.3.1. Non-Textual Verification URI Optimization: Using QR codes and other non-textual methods
- 3.4. Device Access Token Request: Device client polling for access tokens
- 3.5. Device Access Token Response: Token endpoint responses and error handling
Protocol Overview
New Endpoint
This specification defines a new OAuth endpoint: the Device Authorization Endpoint, separate from the OAuth authorization endpoint defined in RFC 6749.
Key Differences
- Traditional OAuth: Users interact with the authorization server through a browser on the same device as the client
- Device Flow: Device clients communicate directly with the authorization server; users complete authorization on another device
Protocol Characteristics
- One-way Communication: No two-way communication is required between the device client and the user agent
- Polling Mechanism: The device client repeatedly polls the authorization server for the result of the authorization request
- Separated Authorization: The authorization request and the user's approval occur on different devices
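The three characteristics above, as an added example that is not part of the specification's text: a constructed in-memory authorization server exposing the device authorization and token endpoints, and a device client that waits the server-supplied interval, polls, backs off on `slow_down`, and stops on a final error. The class and function names (DeviceAuthServer, poll_for_token), the verification URI and the simulated clock are assumptions; the parameter names, grant type URN and error codes are the ones RFC 8628 defines.

```python
import secrets

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628 section 3.4
USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"                   # consonants only: no confusable characters


class DeviceAuthServer:  # constructed in-memory stand-in for the authorization server's two endpoints
    def __init__(self, interval=5, expires_in=600):
        self.interval, self.expires_in = interval, expires_in
        self.clock, self.grants = 0, {}   # simulated seconds (no real sleeps); device_code -> grant state

    def device_authorization(self, client_id, scope):       # sections 3.1 / 3.2
        device_code = secrets.token_urlsafe(32)             # high-entropy; never shown to the user
        raw = "".join(secrets.choice(USER_CODE_ALPHABET) for _ in range(8))
        user_code = f"{raw[:4]}-{raw[4:]}"                  # short code the user types on the other device
        self.grants[device_code] = {"user_code": user_code, "decision": None, "issued": self.clock, "last_poll": None}
        return {"device_code": device_code, "user_code": user_code, "verification_uri": "https://example.com/device",
                "expires_in": self.expires_in, "interval": self.interval}

    def user_decides(self, user_code, approved):            # section 3.3, performed on the secondary device
        for grant in self.grants.values():
            if grant["user_code"] == user_code:
                grant["decision"] = approved

    def token(self, device_code, grant_type):               # sections 3.4 / 3.5
        grant = self.grants.get(device_code)
        if grant_type != GRANT_TYPE or grant is None:
            return {"error": "invalid_grant"}
        if self.clock - grant["issued"] > self.expires_in:
            return {"error": "expired_token"}
        too_fast = grant["last_poll"] is not None and self.clock - grant["last_poll"] < self.interval
        grant["last_poll"] = self.clock
        if too_fast:
            return {"error": "slow_down"}                   # client must add 5 s to its polling interval
        if grant["decision"] is not True:                   # user has not acted yet, or declined
            return {"error": "authorization_pending" if grant["decision"] is None else "access_denied"}
        del self.grants[device_code]                        # a device_code is redeemable exactly once
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


def poll_for_token(server, auth, max_polls=50):  # device-client side of section 3.4
    interval = auth["interval"]
    for _ in range(max_polls):
        server.clock += interval                            # simulated sleep before each poll
        resp = server.token(auth["device_code"], GRANT_TYPE)
        if "access_token" in resp or resp["error"] not in ("authorization_pending", "slow_down"):
            return resp                                     # token, or a final error: stop polling
        if resp["error"] == "slow_down":
            interval += 5                                   # section 3.5 back-off rule
    return {"error": "expired_token"}                       # gave up: treat like expiry and start over
```

The server side enforces the interval by returning `slow_down` to any client that polls early, and discards the device_code once it has been redeemed, so a leaked or replayed code cannot mint a second token.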
Please refer to the individual subsections for the detailed technical specifications and implementation details.