Open Closed

Device Authorization flow - authorizing manually. #8436


User avatar
0
naeem76 created
  • ABP Framework version: v9.0
  • UI Type:MVC
  • Database System: EF Core ( PostgreSQL )
  • Tiered (for MVC) or Auth Server Separated (for Angular): No
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Apologies if this has been asked before, just wanting a quick way to do this. Trying to implement custom grants and it is working well with that, from here. https://github.com/abpframework/abp/blob/b2878b4d3dca82811a5fc1739dee29cc88669eaa/docs/en/Community-Articles/2022-11-14-How-to-add-a-custom-grant-type-in-OpenIddict/POST.md

Now for a default flow when calling the default /device endpoint, and getting a device_code and user_code, how to authorize that manually in my own code without going through cookie authentication in the dashboard, any pointers in the right direction would be appreciated, maybe even with a user that's Bearer authenticated.


3 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The device code flow is used to authenticate/generate tokens for a device. e.g., ABP CLI supports this flow. You can try run abp login --device.

    1. it will generate a user code.
    2. open the abpio website. sign in and enter the user code
    3. abp will get an access token.

    The source code : https://github.com/abpframework/abp/pull/10857

  • User Avatar
    0
    naeem76 created

    hi

    The device code flow is used to authenticate/generate tokens for a device. e.g., ABP CLI supports this flow. You can try run abp login --device.

    1. it will generate a user code.
    2. open the abpio website. sign in and enter the user code
    3. abp will get an access token.

    The source code : https://github.com/abpframework/abp/pull/10857

    Yes that is working, I have already tried that, and also implemented the custom grant as well, both are working well in a test abp project. But I am just trying to understand how the default flow works under the hood for authorizing the device, so whatever happens in the /connect/verify POST endpoint, but maybe in my own appservice for example. Or maybe I want to authorize someone else's device code that was received from /device.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Do you want to check the source code of /connect/verify endpoint?

    I can share the source code with you. Please send a email to liming.ma@volosoft.com

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09