Standards Document info

RFC8628

RFC8628 - OAuth 2.0 Device Authorization Grant

The OAuth 2.0 device authorization grant is designed for Internet-connected devices that either lack a browser to perform a user-agent-based authorization or are input constrained to the extent that requiring the user to input text in order to authenticate during the authorization flow is impractical. This document is an officially published standard.

Full text: https://tools.ietf.org/html/rfc8628

Deprecated Features

This document deprecates a number of OAuth features. The OAuch tests related to these deprecated features are:

Features.IsDeprecatedTlsSupportedTest

Countermeasures

This document introduces a number of security countermeasures for OAuth. The OAuch tests related to these countermeasures are:

DeviceAuthEndpoint.HasValidCertificateTest
DeviceAuthEndpoint.IsModernTlsSupportedTest
DeviceAuthEndpoint.IsHttpsRequiredTest
DeviceAuthEndpoint.UnrecognizedParameterAllowedTest
DeviceAuthEndpoint.SameParameterTwiceDisallowedTest
TokenEndpoint.IsClientAuthenticationRequiredTest
TokenEndpoint.HasValidCertificateTest
TokenEndpoint.IsModernTlsSupportedTest
TokenEndpoint.IsHttpsRequiredTest
Tokens.DeviceCodeEntropyTest

Back to the documents overview