mirror of
https://github.com/matrix-org/matrix-spec
synced 2026-04-25 12:04:09 +02:00
Compare commits
No commits in common. "4ceec843a9296a9daa9dbba76729990d3f002176" and "9c94ec9f4a2b28b980e7549430c6768f9d62c0e3" have entirely different histories.
4ceec843a9
...
9c94ec9f4a
|
|
@ -1888,14 +1888,11 @@ endpoint to get the user ID that owns the access token.
|
||||||
|
|
||||||
{{% added-in v="1.18" %}}
|
{{% added-in v="1.18" %}}
|
||||||
|
|
||||||
The device authorization flow allows clients to obtain an access token without
|
The device authorization flow allows clients on devices with limited input
|
||||||
needing to directly interact with a web browser. Instead, the user completes
|
capabilities (such as CLI applications or embedded devices) to obtain an
|
||||||
authorization on a web browser that can be on a separate device. This is useful
|
access token by having the user complete authorization on a separate device
|
||||||
for devices with limited input capabilities (such as CLI applications or
|
with a web browser. This flow uses the [device authorization
|
||||||
embedded devices) or where the redirect handling may be unreliable (such as a
|
grant](#device-authorization-grant).
|
||||||
desktop applications).
|
|
||||||
|
|
||||||
This flow uses the [device authorization grant](#device-authorization-grant).
|
|
||||||
|
|
||||||
In the context of the Matrix specification, this means requesting a
|
In the context of the Matrix specification, this means requesting a
|
||||||
[scope](#scope) including full client-server API read/write access and
|
[scope](#scope) including full client-server API read/write access and
|
||||||
|
|
@ -1939,7 +1936,7 @@ containing:
|
||||||
| `device_code` | The device verification code. |
|
| `device_code` | The device verification code. |
|
||||||
| `user_code` | An end-user verification code. |
|
| `user_code` | An end-user verification code. |
|
||||||
| `verification_uri` | The end-user verification URI on the authorization server. |
|
| `verification_uri` | The end-user verification URI on the authorization server. |
|
||||||
| `verification_uri_complete` | Optionally, the URI which doesn't require the user to manually type the `user_code`, designed for non-textual transmission. |
|
| `verification_uri_complete` | Optionally, the URI including the `user_code`, so the user does not need to type it in manually. |
|
||||||
| `expires_in` | The lifetime in seconds of the `device_code` and `user_code`. |
|
| `expires_in` | The lifetime in seconds of the `device_code` and `user_code`. |
|
||||||
| `interval` | The minimum number of seconds the client should wait between polling requests to the token endpoint. If omitted, clients should default to 5. |
|
| `interval` | The minimum number of seconds the client should wait between polling requests to the token endpoint. If omitted, clients should default to 5. |
|
||||||
|
|
||||||
|
|
@ -1970,12 +1967,9 @@ specific device characteristics and use case. For example:
|
||||||
- An embedded device with a screen could encode the `verification_uri_complete`
|
- An embedded device with a screen could encode the `verification_uri_complete`
|
||||||
(with fallback to `verification_uri`) as a QR code for the user to scan with
|
(with fallback to `verification_uri`) as a QR code for the user to scan with
|
||||||
their phone.
|
their phone.
|
||||||
- A desktop application running on a platform that does not support callbacks
|
|
||||||
could launch the `verification_uri_complete` (with fallback to
|
|
||||||
`verification_uri`) in the system browser.
|
|
||||||
|
|
||||||
The user opens the verification URI in a web browser, which may be on another
|
The user opens the verification URI in a web browser on another device and
|
||||||
device, and completes authentication and authorization.
|
completes authentication and authorization.
|
||||||
|
|
||||||
**Token polling**
|
**Token polling**
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue