Device Token Flow
You can enable other users to authorize your OAuth app.
You can authenticate Portal users with apps that don't have access to a web browser with the Device Authorization Grant.
Before you can use the device flow to authorize and identify users, you must first create a client that has permission to use the urn:ietf:params:oauth:grant-type:device_code grant type. see Creating Oauth Apps for more info.
Overview of the Device Flow
- Your app requests device and user verification codes and gets the authorization URL where the user will enter the user verification code.
- The app prompts the user to enter a user verification code at ``.
- The app polls for the user authentication status. Once the user has authorized the device, the app will be able to make API calls with a new access token.
1. Request user identity and auth codes
POST https://auth.portalgaming.com/oauth/device/codecurl -X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=$CLIENT_ID" \
-d "scope=openid" \
-d "audience=$CLIENT_ID" \
https://auth.portalgaming.com/oauth/device/codeThe following parameters are used with this API.
| PARAMETER NAME | TYPE | DESCRIPTION |
|---|---|---|
client_id | string | Your Portal App client ID. |
scope | string | A space-delimited list of scopes. If not provided, scope defaults to an empty list for users that have not authorized any scopes for the application. |
audience | string | https://api.portalgaming.com |
Response
{
"device_code":"Nn1W0-Fh-cnRhuQf77S8RoOoI8Z0a1L1pd0abzhNywk",
"user_code":"NKKJ-WPVL",
"verification_uri":"http://auth.portalgaming.com/oauth/device",
"verification_uri_complete":"http://auth.portalgaming.com/oauth/device?user_code=NKKJ-WPVL",
"expires_in":300
}| PARAMETER NAME | TYPE | DESCRIPTION |
|---|---|---|
device_code | string | The code used to identify the device. |
user_code | string | The code that the user must enter to verify their device. |
verification_uri | string | The URI where the user should go to verify their device. |
verification_uri_complete | string | The complete URI including the user code, where the user should go to verify their device. |
expires_in | string | The duration (in seconds) for which the device and user codes are valid. |
2. Redirect user to submit code
You redirect the user to either verification_uri or verification_uri_complete to continue the flow in browser.
3. App polls to request access token
Your app will make device authorization requests that poll POST https://auth.portalgaming.com/oauth/token, until the device and user codes expire or the user has successfully authorized the app with a valid user code.
Once the user has authorized, the app will receive an access token that can be used to make requests to the API on behalf of a user.
POST https://auth.portalgaming.com/oauth/tokencurl -v -X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=1778137d-8652-4a39-bc70-8944107fbe98" \
-d "grant_type=urn:ietf:params:oauth:grant-type:device_code" \
-d "device_code=Nn1W0-Fh-cnRhuQf77S8RoOoI8Z0a1L1pd0abzhNywk" \
https://auth.portalgaming.com/oauth/tokenconst body = new URLSearchParams({
grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
device_code: DEVICE_CODE,
client_id: CLIENT_ID,
});
const response = await fetch(TOKEN_URL, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: body.toString(),
});const body = new URLSearchParams({
grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
device_code: DEVICE_CODE,
client_id: CLIENT_ID,
});
const response = await fetch(TOKEN_URL, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: body.toString(),
});The endpoint takes the following input parameters.
| PARAMETER NAME | TYPE | DESCRIPTION |
|---|---|---|
client_id | string | This should be the UUID of your Portal App |
grant_type | string | urn:ietf:params:oauth:grant-type:device_code |
device_code | string | The device_code returned from the previous step |
Updated 5 months ago