Skip to content

Device Flow

Spicy — senior dev territorySecurity

ELI5 — The Vibe Check

Device Flow is OAuth for devices without a browser or keyboard — smart TVs, CLI tools, IoT devices. The device shows you a code, you go to a URL on your phone, enter the code, and the device gets authenticated. It's how you log into Netflix on your TV by typing a code on your phone. OAuth for stuff that can't show a login page.

Real Talk

OAuth 2.0 Device Authorization Grant (RFC 8628) enables authentication on devices with limited input capabilities. The device requests a user_code and verification_uri, displays them to the user, and polls the authorization server. The user authorizes on a separate device (phone/computer). Used by CLI tools (GitHub CLI, AWS CLI), TVs, and IoT devices.

When You'll Hear This

"GitHub CLI uses Device Flow — it shows you a code to enter at github.com/login/device." / "Device Flow is perfect for CLI tools that can't open a browser callback."

Related Terms

Authentication (AuthN)

Authentication is proving you are who you say you are.

beginnerSecurity

Authorization (AuthZ)

Authorization is deciding what you're allowed to do after you've proven who you are.

beginnerSecurity

CLI (Command Line Interface)

CLI is just the fancy term for any tool you use by typing commands instead of clicking buttons.

beginnerGeneral Dev

OAuth2

OAuth2 is the updated version of OAuth that everyone actually uses today.

intermediateBackend
Back to Browse Random Term

Made with passive-aggressive love by manoga.digital. Powered by Claude.