Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/oauth2: Device authorization grant #58126

Closed
hickford opened this issue Jan 28, 2023 · 11 comments
Closed

x/oauth2: Device authorization grant #58126

hickford opened this issue Jan 28, 2023 · 11 comments
Labels
Proposal Proposal-Accepted
Milestone
Backlog

Comments

@hickford
Copy link

hickford commented Jan 28, 2023
edited by rsc

issue golang/oauth2#418

Objective: support OAuth 2.0 Device Authorization Grant, RFC 8628 (Proposed Standard since 2019)

Add DeviceAuthURL field to type Endpoint

type Endpoint struct {
	AuthURL       string
+	DeviceAuthURL string
	TokenURL      string

Define a function to make the Device Authorization response and define a new struct to hold the response.

// DeviceAuth makes the RFC 8628 Device Authorization request and
// returns the response or an error. 
// https://www.rfc-editor.org/rfc/rfc8628#section-3.1
func (c *Config) DeviceAuth(ctx context.Context, opts ...AuthCodeOption) (*DeviceAuthResponse, error)

// DeviceAuthResponse holds the RFC 8628 Device Authorization Response.
// https://www.rfc-editor.org/rfc/rfc8628#section-3.2
type DeviceAuthResponse struct {
	DeviceCode              string `json:"device_code"`
	UserCode                string `json:"user_code"`
	VerificationURI         string `json:"verification_uri"`
	VerificationURIComplete string `json:"verification_uri_complete,omitempty"`
	// Expiry is derived from the expires_in parameter in the response.
        Expiry               time.Time    `json:"expires_in,omitempty"`
	Interval                int    `json:"interval,omitempty"`
}

func (r *DeviceAuthResponse) UnmarshalJSON([]byte) error

func (r DeviceAuthResponse) MarshalJSON() ([]byte, error)

Note that Expiry is a time.Time even though the RFC 8628 json parameter expires_in is an int counting seconds. This convenience follows the design of oauth2.Token.Expiry. Custom JSON marshalling is necessary.

// Poll makes the device access token request until it receives a
// token response or a fatal error.
// https://www.rfc-editor.org/rfc/rfc8628#section-3.4
func (c *Config) DeviceAccessToken(ctx context.Context, da *DeviceAuthResponse, opts ...AuthCodeOption) (*Token, error)

Here's a change including implementation golang/oauth2#609

Working example of an app using the proposed API to add support for headless devices in ~20 lines https://github.com/hickford/git-credential-oauth/pull/9/files#diff-2873f79a86c0d8b3335cd7731b0ecf7dd4301eb19a82ef7a1cba7589b5252261
@gopherbot gopherbot added this to the Proposal milestone Jan 28, 2023
@hickford hickford mentioned this issue Feb 27, 2023
Closed
@rsc
Copy link
Contributor

rsc commented Mar 29, 2023

This proposal has been added to the active column of the proposals project
and will now be reviewed at the weekly proposal review meetings.
— rsc for the proposal review group

@rsc
Copy link
Contributor

rsc commented Apr 5, 2023

/cc @rolandshoemaker

@rolandshoemaker
Copy link
Member

Seems like there is a desire for this (based on the handful of partial implementations that appear to exist). Based on a quick skim of the RFC the proposed API looks reasonable, although Poll seems like a confusing method name. Perhaps DeviceAccessToken would make more sense, the polling behavior can be documented in the comment.

@hickford
Copy link
Author

Poll seems like a confusing method name. Perhaps DeviceAccessToken would make more sense, the polling behavior can be documented in the comment.

Good idea. I'll update the proposal

@rsc
Copy link
Contributor

rsc commented Jul 5, 2023

I updated the top comment to change the method name from Poll to DeviceAccessToken?

Are there any other remaining concerns?

@hickford hickford mentioned this issue Jul 8, 2023
Closed
@rsc
Copy link
Contributor

rsc commented Jul 12, 2023

Based on the discussion above, this proposal seems like a likely accept.
— rsc for the proposal review group

@rsc
Copy link
Contributor

rsc commented Jul 19, 2023

No change in consensus, so accepted. 🎉
This issue now tracks the work of implementing the proposal.
— rsc for the proposal review group

@rsc rsc changed the title proposal: x/oauth2: Device authorization grant x/oauth2: Device authorization grant Jul 19, 2023
@rsc rsc modified the milestones: Proposal, Backlog Jul 19, 2023
@hickford
Copy link
Author

Implementation ready for review at https://go-review.googlesource.com/c/oauth2/+/450155

@hickford hickford mentioned this issue Jul 20, 2023
Closed
@hickford
Copy link
Author

hickford commented Aug 3, 2023

@rsc @rolandshoemaker I've added you as reviewers at https://go-review.googlesource.com/c/oauth2/+/450155

@hickford
Copy link
Author

@bcmills https://go-review.googlesource.com/c/oauth2/+/450155 is ready for review

@gopherbot
Copy link

Change https://go.dev/cl/450155 mentions this issue: oauth2: support device flow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Proposal Proposal-Accepted
Projects
Proposals
Status: Accepted
Milestone
Backlog
Development

Successfully merging a pull request may close this issue.

oauth2: support device flow hickford/oauth2
4 participants
@rsc @hickford @rolandshoemaker @gopherbot