Protocol Action: 'OAuth 2.0 Device Authorization Grant' to Proposed Standard (draft-ietf-oauth-device-flow-15.txt)

The IESG, Wed, 27 March 2019 09:08 UTC

From: The IESG
To: "IETF-Announce"
Subject: Protocol Action: 'OAuth 2.0 Device Authorization Grant' to Proposed Standard (draft-ietf-oauth-device-flow-15.txt)
Date: Wed, 27 Mar 2019 02:08:34 -0700

The IESG has approved the following document:
- 'OAuth 2.0 Device Authorization Grant'
  (draft-ietf-oauth-device-flow-15.txt) as Proposed Standard

This document is the product of the Web Authorization Protocol Working Group.

The IESG contact persons are Benjamin Kaduk and Eric Rescorla.

A URL of this Internet Draft is:

Technical Summary

  This OAuth 2.0 authorization flow for browserless and input constrained devices, often referred to as the device flow, enables OAuth clients to request user authorization from devices that have an Internet connection, but don't have an easy input method (such as a smart TV, media console, picture frame, or printer), or lack a suitable browser for a more traditional OAuth flow.  This authorization flow instructs the user to perform the authorization request on a secondary device, such as a smartphone.  There is no requirement for communication between the constrained device and the user's secondary device.

Working Group Summary

  The device flow used to be part of the OAuth 2.0 specification, but it was later moved to its own separate document based on the WG feedback and support:

The WG document received many reviews and feedback from multiple WG members on the mailing list and during the WG meetings.

Document Quality

The document has been implemented by Google, Facebook, Microsoft, ForgeRock, Salesforce, Curity Identity Server, and MITREid Connect.

Also, it seems that ETSI has a specification based on this document:

There is also a different use for this mechanism as stated here:


The document shepherd is Rifaat Shekh-Yusef. 
The responsible Area Director is Eric Rescorla.