Identification, Authentication and Authorization

Applied Cryptography Robust Software Quantum Safety Machine Learning Applied to Security Analysis and Exploration of Vulnerabilities Computer Systems Forensic Analysis Reverse Engineering Identification, Authentication and Authorization Secure Execution Environments Direito da Organização e da Segurança

Identification, Authentication and Authorization
Access Control Models
OAuth 2.0 Authorization Framework
Linux Security Mechanisms
Authentication Protocols
PAM (Pluggable Authentication Modules)
FIDO and FIDO2 framework
Authentication with Trusted Third Parties / KDCs
Identity Management
Anonymity and Privacy

Powered by GitBook

On this page

Device authorization grant (RFC 8628)

PreviousProof Key for Code Exchange (PKCE, RFC 7636)NextActual protocol flow

Last updated 8 months ago

In some cases, the user is using a device with no browser to interact with an OAuth client.

No HTTP redirections to the Authorization server and back to the client.
No user interface.
- To authenticate the user.
- To review and authorize the request.

Solution.

Use a second device to perform the user authentication and to grant the authorization.
- e.g. mobile phone, tablet, etc.
The client fetches the access token from the Authorization server.
- Possibly with a refresh token.