Device Authorization Grant - how to represent multiple devices

We are trying to integrate Device Authorization Grant.
We have successfully created a single client that represents all devices (e.g. client is something generic like “smart_tv” and there maybe multiple TV devices around). We have successfully managed to obtain tokens on our devices using Device Authorization Grant flow.

But the idea is that one user needs to grant access to multiple devices.

As far as we can see, as long as we are granting access (using verification_uri_complete) from a single browser session, they are represented as a single client entry in a single session. I.e. we can see that the user has a session associated with the client that represents device, but there is no way to find that acutally 5 different devices obtained their tokens.
This means, that we are not able to “log out” devices selectively - we can only terminate the session for all devices at once.

Is it intended behaviour?

Also, is it OK to model device type as a single client? Or maybe we should create a new client for each instance of a device? But this seems odd, because we might need to support thousands of such devices.

1 Like