  1. Keycloak
  2. KEYCLOAK-7675

OAuth 2.0 Device Authorization Grant

Details

    Description

      Design proposal:
      https://github.com/keycloak/keycloak-community/pull/6


      Add the ability to add an authentication flow where the user provides authentication credentials in a separate channel.

      Like Google Push Authenticator, the IDP sends a push message that encodes a transaction, the app receives the push msg, decodes, and prompts the user to confirm (which signs the transaction). This signature is then sent to the IDP and thus allows access to the user in the original triggering channel. The only thing the user has to supply in the original triggering channel is a user identifier, no credentials.

      The related standards that support this model are Device Flow Grant https://tools.ietf.org/html/draft-ietf-oauth-device-flow (now https://www.rfc-editor.org/rfc/rfc8628.txt)
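
      The token-polling exchange of the Device Authorization Grant (RFC 8628) referenced above, as an added example that is not part of this issue or of Keycloak's code. `AuthServer`, `poll`, the `on_wait` hook, the simulated clock and the `idp.example` URI are constructed for illustration; `user_decision` stands in for the user's approval on the separate channel.

```python
import secrets

class AuthServer:  # toy in-memory server; every name here is constructed
    def __init__(self, lifetime=600, interval=5):
        self.lifetime, self.interval = lifetime, interval
        self.grants, self.now = {}, 0   # now = simulated clock in seconds

    def device_authorization(self, client_id):
        # device_code stays on the device; user_code goes to the second channel
        out = {"device_code": secrets.token_urlsafe(32),
               "user_code": secrets.token_hex(4).upper(),
               "verification_uri": "https://idp.example/device",  # placeholder
               "expires_in": self.lifetime, "interval": self.interval}
        self.grants[out["device_code"]] = {**out, "client_id": client_id, "status": "pending",
                                           "expires": self.now + self.lifetime, "last_poll": None}
        return out

    def user_decision(self, user_code, approve):  # runs on the second channel
        for g in self.grants.values():
            if g["user_code"] == user_code and g["status"] == "pending" and self.now < g["expires"]:
                g["status"] = "approved" if approve else "denied"
                return True
        return False

    def token(self, device_code, client_id):
        g = self.grants.get(device_code)
        if g is None or g["client_id"] != client_id:
            return {"error": "invalid_grant"}
        if self.now >= g["expires"]:
            return {"error": "expired_token"}
        last, g["last_poll"] = g["last_poll"], self.now
        if last is not None and self.now - last < g["interval"]:
            g["interval"] += 5   # RFC 8628: slow_down adds 5 s to the interval
            return {"error": "slow_down"}
        if g["status"] == "pending":
            return {"error": "authorization_pending"}
        del self.grants[device_code]   # a device_code is redeemable once
        if g["status"] == "denied":
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}

def poll(server, resp, client_id, on_wait=lambda: None):
    interval, r = resp["interval"], {"error": "authorization_pending"}
    while r.get("error") in ("authorization_pending", "slow_down"):
        interval += 5 if r["error"] == "slow_down" else 0
        server.now += interval   # stands in for time.sleep(interval)
        on_wait()                # hypothetical hook: the user acts meanwhile
        r = server.token(resp["device_code"], client_id)
    return r
```

      The device never sees the user's credentials: it holds only `device_code`, and the server binds that code to the client, an expiry and a single redemption.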

            People

              psilva@redhat.com Pedro Igor Craveiro
              hoggyholland James Holland (Inactive)
              Votes: 27
              Watchers: 36
