Draft: POC Add doorkeeper device auth support
What does this MR do and why?
Adds support for OAuth2 device grant flow
This adds support for OAuth device authorization grant using the doorkeeper_device_authorization_grant gem.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
1. Create a non-confidential OAuth2 application. Make a note of the client ID generated for step 2.
2. Run the following command to get a device code and authorization URL:

       curl -X POST \
         -H "Content-Type: application/x-www-form-urlencoded" \
         -d 'client_id=<applicationid/clientid from Step 1>&scope=api' \
         http://localhost:3000/oauth/authorize_device

3. You will receive a response such as the following:

       {
         "device_code":"abcd",
         "user_code":"NHJ1YLTF",
         "verification_uri":"http://localhost:3000/oauth/device",
         "verification_uri_complete":"http://localhost:3000/oauth/device?user_code=NHJ1YLTF",
         "expires_in":300,
         "interval":5
       }

   Make a note of the device code and the complete verification URL for the next step.
4. Open up the verification URL and click on Authorize.
5. Make another curl request to fetch the access_token:

       curl -X POST \
         -H "Content-Type: application/x-www-form-urlencoded" \
         -d 'client_id=<client id from step 1>&grant_type=urn:ietf:params:oauth:grant-type:device_code&device_code=<device code from step 3>' \
         http://localhost:3000/oauth/token
Edited by Shekhar Patnaik
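
The manual token request in the last step is what a device-flow client repeats on a timer. The following added example (not code from this MR, GitLab, or the doorkeeper gem) polls the token endpoint using the `interval` and `expires_in` fields from the step 3 response and handles the RFC 8628 error codes `authorization_pending`, `slow_down`, `access_denied` and `expired_token`. It assumes the server returns those codes as the RFC specifies; `poll_for_token`, `post` and `scripted_server` are hypothetical names, and the HTTP call is injected so the block runs offline against constructed replies.

```ruby
require 'json'

# Added example, not GitLab or doorkeeper code. Polls the token endpoint as
# RFC 8628 section 3.5 describes. `post` is a hypothetical callable
# (params Hash -> [http_status, body_string]) so the loop runs offline.
GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:device_code'

def poll_for_token(client_id:, grant:, post:, sleeper: ->(s) { sleep(s) })
  interval = grant.fetch('interval', 5)   # RFC default when the field is absent
  remaining = grant.fetch('expires_in')   # lifetime of the device_code in seconds
  while remaining > 0
    sleeper.call(interval)
    remaining -= interval
    _status, body = post.call('client_id' => client_id,
                              'grant_type' => GRANT_TYPE,
                              'device_code' => grant.fetch('device_code'))
    reply = JSON.parse(body)
    return reply if reply.key?('access_token')

    case reply['error']
    when 'authorization_pending' then next   # user has not approved yet
    when 'slow_down' then interval += 5      # RFC: add 5 seconds to the interval
    else raise "device flow failed: #{reply['error']}" # access_denied, expired_token, ...
    end
  end
  raise 'device flow failed: device_code expired before approval'
end

# Constructed sample data: the grant from step 3 and a scripted stand-in server.
SAMPLE_GRANT = { 'device_code' => 'abcd', 'expires_in' => 300, 'interval' => 5 }.freeze

def scripted_server(replies)
  queue = replies.dup
  ->(_params) { [200, JSON.generate(queue.shift)] }
end

def demo
  waits = [] # records each pause instead of really sleeping
  server = scripted_server([{ 'error' => 'authorization_pending' },
                            { 'error' => 'slow_down' },
                            { 'access_token' => 'constructed-token', 'token_type' => 'Bearer' }])
  token = poll_for_token(client_id: 'constructed-client-id', grant: SAMPLE_GRANT,
                         post: server, sleeper: ->(s) { waits << s })
  [token['access_token'], waits]
end
```

To run it against a local instance, pass a `post` callable that sends the form-encoded parameters to `http://localhost:3000/oauth/token` and returns the status and body.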