Allow user_code to be configured for device auth flow (Device Authorization Grant) #885

Merged
merged 9 commits into from
Oct 17, 2024

@duzumaki duzumaki commented Oct 14, 2024

OAuth2 doesn't specify the format of the user_code token, but ideally it should be something human and device display friendly with a decent enough amount of entropy, e.g. something short like ME3-2FD.

So let's allow this code to be configured based on the needs of the device instead.

The current token generation logic is now the default behaviour.

e.g. response

{
    "verification_uri": "xxx",
    "expires_in": 1800,
    "user_code": "M3D-DGF" (instead of a non human friendly string like with device_code),
    "device_code": "9Y4cH5zUXutDJcAwXJZoRjJnxNn36C"
}

@ maintainers, I'm currently working on a PR for this issue in DOT, so I have tested this with a view I've implemented on a branch there, that a custom authentication server I'm working on is using.

@duzumaki duzumaki changed the title Allow user code to be configured Allow user code to be configured for device auth flow Oct 14, 2024
@duzumaki duzumaki changed the title Allow user code to be configured for device auth flow Allow user code to be configured for device auth flow (Device Authorization Grant) Oct 14, 2024
@duzumaki duzumaki changed the title Allow user code to be configured for device auth flow (Device Authorization Grant) Allow user_code to be configured for device auth flow (Device Authorization Grant) Oct 14, 2024
@duzumaki duzumaki marked this pull request as draft October 14, 2024 21:17
@duzumaki duzumaki force-pushed the master branch 4 times, most recently from 6ed6058 to fa221ef Compare October 15, 2024 12:04
@duzumaki duzumaki marked this pull request as ready for review October 15, 2024 12:05
Whilst oauth2 doesn't specify how the format should be
the current behaviour generates a code that is not human and device friendly.

e.g 6Pp9vPKaanbFydF9omtlNLLdJA4HG7

This commit makes it so that's the default behaviour but allows the caller of DeviceApplicationServer
to pass in a user code in a format they prefer in the form of a callable to be called that returns the code as a string
The json serialisation should occur at the interface level (e.g a view) that will use this method
not the method itself as it can lead to "double" json serialisation or the need to use json.loads()
to deserialize and serialise it again before the httpResponse is made back to the client
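
An example of the kind of zero-argument callable the PR description and commit message above describe, added here and not code from the PR or from oauthlib. The alphabet follows the character set suggested in RFC 8628 section 6.1; the function names and the `min_bits` floor are assumptions, and wiring the callable into DeviceApplicationServer is left out because the parameter name does not appear on this page.

```python
import math
import secrets

# 20 vowel-free letters, the character set RFC 8628 section 6.1 suggests for
# user codes: case-insensitive to type and unlikely to spell words.
ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"


def entropy_bits(length, alphabet=ALPHABET):
    """Bits of entropy in a uniformly random code of `length` symbols."""
    return length * math.log2(len(alphabet))


def make_user_code_generator(length=8, group=4, alphabet=ALPHABET, min_bits=30):
    """Build a zero-argument callable returning codes such as 'WDJB-MJHT'.

    min_bits is an assumed policy floor, not a value from the PR or oauthlib;
    pick it together with the verification endpoint's rate limit and expires_in.
    """
    if group < 1 or len(set(alphabet)) != len(alphabet):
        raise ValueError("group must be >= 1 and alphabet symbols unique")
    if length < 1 or len(alphabet) < 2 or entropy_bits(length, alphabet) < min_bits:
        raise ValueError("user_code configuration has too little entropy")

    def generate():
        # secrets draws from the OS CSPRNG; random.choice would be predictable
        chars = [secrets.choice(alphabet) for _ in range(length)]
        groups = ["".join(chars[i:i + group]) for i in range(0, length, group)]
        return "-".join(groups)  # separator is for readability only

    return generate


def normalize_user_code(typed, alphabet=ALPHABET):
    """Canonical form for lookup on the verification page, or None if invalid.

    Uppercases and drops separators and whitespace so 'wdjb mjht' matches the
    stored 'WDJB-MJHT'; rejects characters outside the alphabet before any
    database lookup.
    """
    cleaned = "".join(c for c in typed.upper() if c not in "- \t")
    if not cleaned or any(c not in alphabet for c in cleaned):
        return None
    return cleaned


if __name__ == "__main__":
    gen = make_user_code_generator()
    print(gen(), f"{entropy_bits(8):.1f} bits")
```
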

@auvipy auvipy left a comment

Can you also update the docs with an example, please?

@duzumaki duzumaki force-pushed the master branch 9 times, most recently from f637143 to ad919f9 Compare October 17, 2024 17:14
@duzumaki duzumaki force-pushed the master branch 2 times, most recently from 481a97d to 06d8487 Compare October 17, 2024 17:30
@duzumaki
Contributor Author

@auvipy Added device docs

@duzumaki duzumaki force-pushed the master branch 2 times, most recently from bddc462 to 6862c41 Compare October 17, 2024 18:14
@duzumaki duzumaki requested a review from auvipy October 17, 2024 18:24
@auvipy auvipy merged commit bf75322 into oauthlib:master Oct 17, 2024
23 checks passed
auvipy commented Oct 17, 2024

merging this, but feel free to contribute back if any edge case arises
