From the course: Web Security: OAuth and OpenID Connect (2019)
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Build an example: Kiosk
From the course: Web Security: OAuth and OpenID Connect (2019)
Build an example: Kiosk
Building out the device grant type can be, and definitely will be a challenge. Since it's one of the newest grant types, it's not widely supported both within the authorization servers on the Oath provider side, and in the supporting libraries and SDKs on the consumer side. Regardless, we can use oath.com's Oath Playground again to show the basic of how it would work. So we scroll down to the bottom, the Oath 2 Playground, and then we can go to the Device Code Flow. And this will show each step. When the device kicks off the authorization process, it makes a request to the device endpoint with the client ID, which identifies itself. It gets back at device code, which represents that device at that moment in time, a user code that the user will actually have to type in to the verification URL. And then the verification URL itself. So the way this works is that the user pulls this up on a external device, goes through…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.