This is functionally equivalent to polling, as far as the spec is concerned. Instead of it being a timeout-based poll, it’s an interaction-based poll. Either way, the device makes a new HTTP request to the AS to see if the device code is good or not, and either option is possible at that point as far as the device knows— the user could go mash buttons as fast as possible without ever entering the user code.
In practice, this isn’t very likely to happen, as it requires additional steps for the user and makes for a more clunky experience. If anything, we might see it as an optimization in some environments for some clients. In any event, it’s not any different from the spec’s perspective. — Justin > On Jun 28, 2017, at 8:27 AM, Rifaat Shekh-Yusef <[email protected]> wrote: > > Hi (as individual), > > I have reviewed the Device Flow document, and I have a question about the > polling part. > The current draft is calling for the Device Client to poll the AS for a token > (steps E & F of Figure 1). > > Presumably, the process started with the user pushing some button on the > Device Client to initiate the process. > One way to avoid the need for polling is for the Device Access Token Request > to be sent to the AS only after the user for example pushed that same button > again. > This would allow the user to perform steps C and D to authorize the device, > and then push the button again to get the token. > > Thoughts? > > Regards, > Rifaat > > > On Thu, Jun 1, 2017 at 8:32 AM, Rifaat Shekh-Yusef <[email protected] > <mailto:[email protected]>> wrote: > All, > > We are starting a WGLC on the Device Flow document: > https://tools.ietf.org/html/draft-ietf-oauth-device-flow-06 > <https://tools.ietf.org/html/draft-ietf-oauth-device-flow-06> > > Please, review the document and provide feedback on any issues you see with > the document. > > The WGCL will end in two weeks, on June 16, 2017. > > Regards, > Rifaat and Hannes > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
