
Host/Facilitator: Steffo Weber

What's the purpose of OAuth device flow?


Q: Can AM's code generator be modified?
A: Only length so far, but could be an enhancement request.


OAuth 2.0 device flow
- A user tries to log in to a page, is redirected to Google (for example) and authenticates there. The user is then given an auth token and, with that token, gets access to the original page.
Demo scenario:
Alarm system that notifies the person (by a phone call) who locked the door and activated the alarm.
- the alarm system sends a user code request to OpenAM
- OpenAM returns the user code and the alarm system displays it
- the person who activated the alarm system goes to OpenAM and types the code in
- OpenAM understands the code and authenticates the person
- The alarm system keeps sending authentication information requests. Once the user has logged in, the alarm system gets the auth token from OpenAM.
- If the alarm goes off it sends a request with the access token to IG
- IG (using Twilio) calls the user to say that the alarm went off
Proof-of-possession token - contains the proof that the sender is the legitimate owner
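
The code-request, code-entry and polling steps of the demo scenario above, as an added Python example (not OpenAM's code and not from the session). `AuthServer`, its methods, `poll_for_token`, the alphabet and the default lifetimes are hypothetical; the error strings and the 5-second back-off are those of RFC 8628.

```python
import secrets

class AuthServer:
    """In-memory stand-in for OpenAM's role; names are hypothetical, errors per RFC 8628."""
    ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"  # assumed alphabet: upper-case consonants only

    def __init__(self, code_len=8, ttl=600, interval=5):
        self.code_len, self.ttl, self.interval = code_len, ttl, interval
        self.grants = {}  # device_code -> pending grant

    def device_request(self, now):
        user_code = "".join(secrets.choice(self.ALPHABET) for _ in range(self.code_len))
        device_code = secrets.token_urlsafe(32)  # long secret, never shown to the person
        self.grants[device_code] = {"user_code": user_code, "expires": now + self.ttl,
                                    "approved": False, "last_poll": None}
        return {"device_code": device_code, "user_code": user_code,
                "expires_in": self.ttl, "interval": self.interval}

    def user_approves(self, user_code, now):  # person has authenticated and typed the code
        for g in self.grants.values():
            if g["user_code"] == user_code and now < g["expires"]:
                g["approved"] = True
                return True
        return False

    def token_request(self, device_code, now):
        g = self.grants.get(device_code)
        if g is None or now >= g["expires"]:
            self.grants.pop(device_code, None)
            return {"error": "expired_token"}
        too_fast = g["last_poll"] is not None and now - g["last_poll"] < self.interval
        g["last_poll"] = now
        if too_fast:
            return {"error": "slow_down"}
        if not g["approved"]:
            return {"error": "authorization_pending"}
        del self.grants[device_code]  # a device code is redeemable once
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}

def poll_for_token(server, grant, clock, sleep):
    """Device side (the alarm system): poll until a token or a terminal error arrives."""
    interval = grant["interval"]
    while True:
        sleep(interval)
        resp = server.token_request(grant["device_code"], clock())
        if resp.get("error") == "slow_down":
            interval += 5  # RFC 8628: add 5 seconds to the interval and keep polling
        elif resp.get("error") != "authorization_pending":
            return resp
```

On a real device `clock` and `sleep` would be `time.monotonic` and `time.sleep`; passing them in lets the flow be exercised with a fake clock instead of waiting.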