Device Authorization Grant¶

OAuth 2.0 Device Authorization Grant (RFC 8628) for devices with limited input capabilities.

Request Models¶

`DeviceAuthorizationRequest(address, client_id, scope='openid', client_secret=None)` `dataclass` ¶

Bases: BaseRequest

Request for OAuth 2.0 Device Authorization (RFC 8628).

Attributes:

Name	Type	Description
`address`	`str`	The device authorization endpoint URL.
`client_id`	`str`	The client identifier.
`scope`	`str`	Space-delimited scopes (default `"openid"`).
`client_secret`	`str \| None`	Client secret (optional for public clients).

`DeviceTokenRequest(address, client_id, device_code, client_secret=None)` `dataclass` ¶

Bases: BaseRequest

Request for polling the token endpoint during device flow (RFC 8628).

Attributes:

Name	Type	Description
`address`	`str`	The token endpoint URL.
`client_id`	`str`	The client identifier.
`device_code`	`str`	The device code from :class:`DeviceAuthorizationResponse`.
`client_secret`	`str \| None`	Client secret (optional for public clients).

Response Models¶

`DeviceAuthorizationResponse(is_successful, error=None, device_code=None, user_code=None, verification_uri=None, verification_uri_complete=None, expires_in=None, interval=None)` `dataclass` ¶

Bases: BaseResponse

Response from the device authorization endpoint (RFC 8628).

Check is_successful before accessing guarded fields. Display user_code and verification_uri to the user, then poll with :class:DeviceTokenRequest.

`DeviceTokenResponse(is_successful, error=None, token=None, error_code=None, interval=None)` `dataclass` ¶

Bases: BaseResponse

Response from a device token poll (RFC 8628).

Check is_successful before accessing token. When is_successful is False, check error_code:

"authorization_pending" - user hasn't authorized yet, poll again
"slow_down" - increase polling interval (see interval)
"expired_token" - device code expired, restart flow
"access_denied" - user denied authorization

error_code and interval are always accessible regardless of is_successful.

Functions¶

`request_device_authorization(request, http_client=None)` ¶

Request device authorization from the device authorization endpoint (RFC 8628).

Parameters:

Name	Type	Description	Default
`request`	`DeviceAuthorizationRequest`	Device authorization request with client credentials.	required
`http_client`	`HTTPClient \| None`	Optional managed HTTP client.	`None`

Returns:

Type	Description
`DeviceAuthorizationResponse`	DeviceAuthorizationResponse with `device_code`, `user_code`,
`DeviceAuthorizationResponse`	and `verification_uri` for user display.

`poll_device_token(request, http_client=None)` ¶

Poll the token endpoint for device authorization completion (RFC 8628).

Makes a single poll attempt. Check error_code on the response to determine whether to continue polling:

"authorization_pending" - poll again after interval seconds
"slow_down" - poll again after interval seconds (increased)
"expired_token" / "access_denied" - stop polling

Parameters:

Name	Type	Description	Default
`request`	`DeviceTokenRequest`	Device token request with device code.	required
`http_client`	`HTTPClient \| None`	Optional managed HTTP client.	`None`

Returns:

Type	Description
`DeviceTokenResponse`	DeviceTokenResponse with `token` on success or `error_code`
`DeviceTokenResponse`	indicating poll status.

Device Authorization Grant¶

Request Models¶

DeviceAuthorizationRequest(address, client_id, scope='openid', client_secret=None) dataclass ¶

DeviceTokenRequest(address, client_id, device_code, client_secret=None) dataclass ¶

Response Models¶

DeviceAuthorizationResponse(is_successful, error=None, device_code=None, user_code=None, verification_uri=None, verification_uri_complete=None, expires_in=None, interval=None) dataclass ¶

DeviceTokenResponse(is_successful, error=None, token=None, error_code=None, interval=None) dataclass ¶