
Draft: POC Add doorkeeper device auth support

Shekhar Patnaik requested to merge spatnaik/enable_oauth_device_grant_flow into master

What does this MR do and why?

Adds support for OAuth2 device grant flow

This adds support for OAuth device authorization grant using the doorkeeper_device_authorization_grant gem.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.


How to set up and validate locally

  1. Create a non-confidential OAuth2 application. Make a note of the client ID it generates; step 2 needs it.

  2. Run the following command to get a device code and authorization URL:

    curl -X POST \
        -H "Content-Type: application/x-www-form-urlencoded" \
        -d 'client_id=<applicationid/clientid from Step 1>&scope=api' \
        http://localhost:3000/oauth/authorize_device

  3. You will receive a response such as the following:

    {
        "device_code":"abcd",
        "user_code":"NHJ1YLTF",
        "verification_uri":"http://localhost:3000/oauth/device",
        "verification_uri_complete":"http://localhost:3000/oauth/device?user_code=NHJ1YLTF",
        "expires_in":300,
        "interval":5
    }

    Make a note of device_code and verification_uri_complete for the next steps.

  4. Open the verification URL (verification_uri_complete) in a browser and click Authorize.

  5. Make another curl request to fetch the access_token:

    curl -X POST \
        -H "Content-Type: application/x-www-form-urlencoded" \
        -d 'client_id=<client id from step 1>&grant_type=urn:ietf:params:oauth:grant-type:device_code&device_code=<device code from step 3>' \
        http://localhost:3000/oauth/token
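The two curl calls above are the device side of the RFC 8628 flow. The script below is an added example (not part of this MR or of the doorkeeper_device_authorization_grant gem) that drives the same two endpoints as a small client: it requests a device code, shows the user where to authorize, and polls /oauth/token while honouring the server's `interval` and `expires_in` values. The endpoint paths, field names and sample response are taken from the steps above; the `authorization_pending`, `slow_down`, `expired_token` and `access_denied` error codes are the standard RFC 8628 ones, and whether this branch returns exactly those is an assumption. The HTTP transport is injectable so the polling logic can be exercised offline.

```python
"""Minimal OAuth 2.0 device authorization grant client (RFC 8628).

Added example, not code from the MR or the gem. Endpoint paths and JSON
field names follow the setup steps above; the error codes handled while
polling are the RFC 8628 ones and are assumed to be what the server sends.
"""
import json
import time
import urllib.error
import urllib.parse
import urllib.request

DEVICE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"


class DeviceFlowError(Exception):
    """Raised when the device flow ends without an access token."""


def http_post(url, fields):
    """POST a form body and decode the JSON reply, 4xx bodies included.

    Doorkeeper-style servers answer polling errors such as
    authorization_pending with HTTP 400 plus a JSON body, so the error
    body is decoded instead of being raised as an exception.
    """
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(
        url, data=data,
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return json.loads(err.read())


def request_device_code(base_url, client_id, scope="api", post=http_post):
    """Steps 2 and 3: obtain device_code, user_code and verification URIs."""
    return post(f"{base_url}/oauth/authorize_device",
                {"client_id": client_id, "scope": scope})


def poll_for_token(base_url, client_id, device, post=http_post,
                   sleep=time.sleep, clock=time.monotonic):
    """Step 5: poll /oauth/token until the user has clicked Authorize.

    Waits `interval` seconds between polls, backs off by 5 s on slow_down
    (RFC 8628 section 3.5) and gives up once `expires_in` has elapsed, so a
    device code is never polled forever.
    """
    interval = int(device.get("interval", 5))
    deadline = clock() + int(device["expires_in"])
    while clock() < deadline:
        sleep(interval)
        reply = post(f"{base_url}/oauth/token", {
            "client_id": client_id,
            "grant_type": DEVICE_GRANT_TYPE,
            "device_code": device["device_code"],
        })
        if "access_token" in reply:
            return reply
        error = reply.get("error")
        if error == "authorization_pending":
            continue            # user has not authorized yet; keep waiting
        if error == "slow_down":
            interval += 5       # server asked for a longer polling interval
            continue
        # expired_token, access_denied, invalid_grant, ...: stop polling
        raise DeviceFlowError(error or f"unexpected reply: {reply}")
    raise DeviceFlowError("expired_token")


if __name__ == "__main__":
    BASE = "http://localhost:3000"            # GDK instance from the steps above
    CLIENT_ID = "<client id from step 1>"     # placeholder, fill in locally
    device = request_device_code(BASE, CLIENT_ID)
    print("Open", device["verification_uri_complete"], "and press Authorize")
    print("user_code shown on the device:", device["user_code"])
    token = poll_for_token(BASE, CLIENT_ID, device)
    print("access_token received, expires_in =", token.get("expires_in"))
```

Two details matter for reviewing the server side: the client must never poll faster than `interval` (the server should answer `slow_down` if it does), and once `expires_in` passes the device code must be rejected with `expired_token` rather than remaining redeemable.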
Edited by Shekhar Patnaik
