Using the Device Authentication Flow

== Update your client to enable Device Flow ==

Not available through the UI yet, use the [[lab notebook>>https://lab.ch.ebrains.eu/hub/user-redirect/lab/tree/shared/Collaboratory%20Community%20Apps/Managing%20an%20OpenID%20Connect%20client%20-%20V2.ipynb]]

4

5

Add an attribute to the client JSON and update it

(% class="box" %)

(((

"attributes": {

"oauth2.device.authorization.grant.enabled": true

}

)))

== Request a code ==

curl --location --request POST 'https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth/device' \

19

--header 'Content-Type: application/x-www-form-urlencoded' \

20

--data-urlencode 'client_id=yourClientId' \

21

--data-urlencode 'client_secret=yourClientSecret'

Secret is not require for public client.

26

\\The API will answer with a link

{

"device_code":"0zQm[...]e5h5kUvNYx0",

31

"user_code":"IWBR-DDY",

32

"verification_uri":"https://iam.ebrains.eu/auth/realms/hbp/device",

33

"verification_uri_complete":"https://iam.ebrains.eu/auth/realms/hbp/device?user_code=IWBR-DDYK",

"expires_in":600,

"interval":5

}

== Visit the link to validate your code ==

40

41

Here you just need to visit the link in verification_uri_complete to validate your login and consent

42

43

== Request your access token ==

44

45

Now you just need to request your access token, you need to enter the device_code provided in the first call above

(% class="box" %)

(((

curl ~-~-location ~-~-request POST '[[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token'>>url:https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token']]; \

50

51

~-~-header 'Content-Type: application/x-www-form-urlencoded' \

52

53

~-~-data-urlencode 'device_code=0zQm[...]e5h5kUvNYx0' \

54

55

~-~-data-urlencode 'client_id=your-client' \

56

~-~-data-urlencode 'client_secret=your-secret' \

57