...

  1. Device initiates an authorization request to the EmpowerID Device Authorization Endpoint, https://<EID Server>/oauth/v2/device/authorize

    https://<EID Server>/oauth/v2/device/authorize
    ?client_id=xxxxxxxxxxxxxxxxxx
    &scope=openid

| Request Parameter | Required/Optional | Description |
|---|---|---|
| client_id | required | Must be the EmpowerID OAuth application client identifier. |
| scope | required | A space-separated list of strings that the user consents to. Values include openid for OpenID Connect flow. |

  1. The authorization server responds with the following:

    1. device_code - For the client to track the process

    2. user_code - To present to the user

    3. verification_uri - Where the user can authorize the request on another device

    4. verification_uri_complete - Where the user can authorize the request on another device with embedded user_code

    5. polling_interval - Indicating how often the client should poll for token issuance

    6. expires_in - Lifetime in seconds for the user_code and device_code

...

  1. The client device (app) periodically polls the token endpoint to check if the user has completed the authorization process. The client uses the device code to poll and the polling interval to prevent excessive requests.

    POST /oauth/v2/token HTTP/1.1
    Host: <EID Server>
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    
    client_id={The Client ID of the OAuth app you registered in EmpowerID}
    &client_secret={The Client Secret of the OAuth app you registered in EmpowerID}
    &grant_type=urn:ietf:params:oauth:grant-type:device_code
    &device_code={The Device Code received in the Authorization Request}
  2. The authorization server responds with either a pending status, an error (if the user has not authorized within the expiry time), or the access token (if the user successfully authorizes).
    Authorization Pending

    HTTP/1.1 400 BadRequest
    {
      "error": "authorization_pending",
      "error_description": "Authorization is currently pending. Please try again after a minimum interval of 5 seconds"
    }

Slow Down

HTTP/1.1 400 BadRequest
{
  "error": "slow_down",
  "error_description": "Interval between request is too short. Minimum interval is 5 seconds"
}

Declined

HTTP/1.1 400 BadRequest
{
  "error": "authorization_declined",
  "error_description": "Authorization was declined by the user"
}

Approved / Successful Response

{
    "access_token": "xxxxxxxxxxxxxxxxxxxxxx",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "xxxxxxxxxxxxxxxxxxxxxx",
    "id_token": "xxxxxxxxxxxxxxxxxxxxxx",
    "id": "xxxxxxxxxxxxxxxxxxxxxx"
}
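
The polling step and the four responses above, put together as a client-side loop. This is an added example, not EmpowerID's own code: the `post` transport callable, the `DeviceFlowError` name and the `demo` exchange are hypothetical, the 5-second back-off on slow_down follows RFC 8628, and expiry is enforced locally from expires_in.

```python
import time

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"

class DeviceFlowError(Exception):
    """Terminal outcome: declined, expired, or an unrecognised error."""

def poll_for_token(post, client_id, client_secret, device_code,
                   interval=5, expires_in=300,
                   sleep=time.sleep, clock=time.monotonic):
    """Poll the token endpoint until tokens are issued or the flow ends.

    `post(form)` is a caller-supplied transport (hypothetical) that sends the
    form to /oauth/v2/token and returns (http_status, parsed_json_body).
    """
    form = {"client_id": client_id, "client_secret": client_secret,
            "grant_type": GRANT_TYPE, "device_code": device_code}
    deadline = clock() + expires_in
    while True:
        sleep(interval)                      # wait before every request
        if clock() >= deadline:
            raise DeviceFlowError("device_code expired before approval")
        status, body = post(form)
        if status == 200 and "access_token" in body:
            return body
        error = body.get("error")
        if error == "authorization_pending":
            continue                         # keep polling at the same interval
        if error == "slow_down":
            interval += 5                    # RFC 8628: back off by 5 seconds
            continue
        # authorization_declined and anything unrecognised are terminal
        raise DeviceFlowError(error or f"unexpected HTTP {status}")

def demo():
    """Constructed offline exchange: pending, slow_down, then approved."""
    replies = iter([
        (400, {"error": "authorization_pending"}),
        (400, {"error": "slow_down"}),
        (200, {"access_token": "constructed-token", "token_type": "Bearer"}),
    ])
    waits, now = [], [0.0]
    def fake_sleep(seconds):
        waits.append(seconds)
        now[0] += seconds
    tokens = poll_for_token(lambda form: next(replies), "cid", "secret", "dc",
                            sleep=fake_sleep, clock=lambda: now[0])
    return tokens, waits
```

Treating every unrecognised error as terminal keeps a misbehaving or spoofed endpoint from holding the device in an endless polling loop.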

...