OAuth 2.0 Device Authorization Grant

Hi there,

We have new need in the organisation and we have to provide device authorization flow for device on with input is complex.

the flow is described here : keycloak-community/oauth2-device-authorization-grant.md at master · keycloak/keycloak-community · GitHub

But I can’t find any official doc about it. Is it implemented, plan to be or … ?

any help is much appreciated

have a good day

Ok seems I’m kind of lucky, this flow is available in keycloak 13.0 released last week :slight_smile:

Or maybe not so lucky as it seems to be implemented but yet there is no documentation.

There is no official documentation yet (“We need to add explanation about supporting the spec into keycloak-documentation”), but the “How to try it” (keycloak-community/oauth2-device-authorization-grant.md at master · keycloak/keycloak-community · GitHub) section in the doc gives decent instructions. Have you tried that? I went through it with Keycloak 13, and everything works. Let us know if you have specific questions.

Hi, i have this issue.
I cant enable OAuth 2.0 Device Grant Enabled as a public client only as private.
How do i enable it as public ?
I’m on ver 13

It may help if someone is looking for this thread
For Device flow

If you have Access Type set as public then you can use the device end point without client secret
curl --location --request POST ‘http://localhost:8080/auth/realms/Communi5/protocol/openid-connect/auth/device
–data-urlencode ‘client_id=c5client’

However, if you have the Access Type set as confidential then you need to specify the client secret as well.

These settings are available in Clients page of keycloak.

1 Like