You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a client is configured with a client secret, i.e. it's a confidential client, this secret is not sent with the device authorization request (the very first request where you retrieve the DeviceAuthResponse). RFC-8628 states that:
The client authentication requirements of Section 3.2.1 of [RFC6749] apply to requests on this endpoint, which means that confidential clients (those that have established client credentials) authenticate in the same manner as when making requests to the token endpoint, and public clients provide the "client_id" parameter to identify themselves.
In the DeviceAuth (deviceauth.go:82) method, the client_id is always added as a query parameter and the secret is not used. This method should use the same construction as used in newTokenRequest in token.go:183.
The text was updated successfully, but these errors were encountered:
When a client is configured with a client secret, i.e. it's a confidential client, this secret is not sent with the device authorization request (the very first request where you retrieve the
DeviceAuthResponse). RFC-8628 states that:In the
DeviceAuth(deviceauth.go:82) method, theclient_idis always added as a query parameter and the secret is not used. This method should use the same construction as used innewTokenRequestintoken.go:183.The text was updated successfully, but these errors were encountered: