feat: device authorization RFC 8628 (#5646)

* device auth: implement the write events * add grant type device code * fix(init): check if default value implements stringer --------- Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2025-08-11 21:37:32 +00:00 · 2023-04-19 11:46:02 +03:00
parent 3cd2cecfdf
commit 5819924275
49 changed files with 2313 additions and 38 deletions
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -233,6 +233,8 @@ OIDC:
      Path: /oidc/v1/end_session
    Keys:
      Path: /oauth/v2/keys
+    DeviceAuth:
+      Path: /oauth/v2/device_authorization

 SAML:
  ProviderConfig:
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -12,14 +12,13 @@ import (
 	"syscall"
 	"time"

-	"github.com/zitadel/saml/pkg/provider"
-
 	clockpkg "github.com/benbjohnson/clock"
 	"github.com/gorilla/mux"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"github.com/zitadel/logging"
 	"github.com/zitadel/oidc/v2/pkg/op"
+	"github.com/zitadel/saml/pkg/provider"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/h2c"

@@ -294,6 +293,7 @@ func startAPIs(
 		return fmt.Errorf("unable to start login: %w", err)
 	}
 	apis.RegisterHandlerOnPrefix(login.HandlerPrefix, l.Handler())
+	apis.HandleFunc(login.EndpointDeviceAuth, login.RedirectDeviceAuthToPrefix)

 	// handle grpc at last to be able to handle the root, because grpc and gateway require a lot of different prefixes
 	apis.RouteGRPC()