Using the Device Authentication Flow

Version 6.1 by messines on 2024/08/28 13:20

Update your client to enable Device Flow

Not available through the UI yet, use the lab notebook

Add an attribute to the client JSON and update it

            "attributes": {
                "oauth2.device.authorization.grant.enabled": true
            }

Request a code

curl --location --request POST 'https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth/device' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=yourClientId' \
--data-urlencode 'client_secret=yourClientSecret'

Secret is not require for public client.

The API will answer with a link

{
  "device_code":"0zQm[...]e5h5kUvNYx0",
  "user_code":"IWBR-DDY",
  "verification_uri":"https://iam.ebrains.eu/auth/realms/hbp/device",
  "verification_uri_complete":"https://iam.ebrains.eu/auth/realms/hbp/device?user_code=IWBR-DDYK",
  "expires_in":600,
  "interval":5
}

Visit the link to validate your code

Here you just need to visit the link in verification_uri_complete to validate your login and consent

Request your access token

Now you just need to request your access token, you need to enter the device_code provided in the first call above

curl --location --request POST 'https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'device_code=0zQm[...]e5h5kUvNYx0' \
--data-urlencode 'client_id=yourClientId' \
--data-urlencode 'client_secret=yourClientSecret' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:device_code'

Using the Device Authentication Flow

Update your client to enable Device Flow

Request a code

Visit the link to validate your code

Request your access token

The Collaboratory