docs: add device flow documentation #2026
vinckr
left a comment
thanks so much, this already looks great!
left a couple of comments to bring the doc in line with our docs style guide.
content wise this looks very good - I did not test it out in practice though
as for the place of the doc and also place in the sidebar we can check what the best place is once it's ready to merge. @christiannwamba is currently working on a restructure of the docs, so depending on when it's ready to merge we might have a different place for it.
Thanks for the review @vinckr. I think I applied all of the requested changes, please have another look when you can.
da5525d to
7acc1cb
We should probably add to the oauth2 quickstart this command chain as well, to try it out quickly: Of course not with go run . but with the ory cli prefix. We'll need to release that then first and can then merge the docs, which also kinda makes sense as we need to release this stuff in any case before merging it as it would be confusing to users/customers |
aeneasr
left a comment
Looks like there were some merge conflicts incorrectly addressed, can you please revert all non-relevant changes for this PR?
This patch introduces the OAuth 2.0 Device Authorization Grant to Ory Hydra. The OAuth 2.0 device authorization grant is designed for Internet-connected devices that either lack a browser to perform a user-agent-based authorization or are input constrained to the extent that requiring the user to input text in order to authenticate during the authorization flow is impractical. It enables OAuth clients on such devices (like smart TVs, media consoles, digital picture frames, and printers) to obtain user authorization to access protected resources by using a user agent on a separate device.

The OAuth 2.0 Device Authorization Grant may also become relevant for AI Agent authentication flows and is generally an amazing step and innovation for this project. A very special thanks goes to @nsklikas from [Canonical](https://canonical.com), @supercairos from [shadow.tech](https://shadow.tech) and @BuzzBumbleBee.

For more details, please check out the documentation (ory/docs#2026).

To implement this feature, you will need to implement two additional screens in your login and consent application. A reference implementation can be found [here](https://github.com/ory/hydra-login-consent-node/blob/99ca6ad544f64110706c289dda74c7c622ec3110/src/routes/device.ts).

Closes #3851
Closes #3252
Closes #3230
Closes #2416
vinckr
left a comment
this is looking great from my POV.
some "nits" that might improve readability, feel free to include or not.
vinckr
left a comment
lgtm 🚀
thanks so much 🫶
can you take another quick look please @aeneasr? It looks fine to me now, but I want to make sure before we merge.
zepatrik
left a comment
I think we can also merge as is and refine this later, but the current state is still pretty basic. I added some ideas for improvements.
Later we should specifically add these sections or sub-pages:
- how to get a refresh token
- concrete use-cases and recommended configuration
unatasha8
left a comment
Added suggestions and comments
Clarified the description of user code entropy options and their implications for user entry.
Updated the description and steps for the Device Authorization Grant to clarify the process and correct terminology.
Added an image to illustrate the device authorization flow.
Added a sequence diagram to illustrate the device authorization flow using Mermaid.
Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
vinckr
left a comment
lgtm, we can fix smaller issues later on if needed
* docs: add device flow documentation
* chore: Refine device verification UI section wording
* chore: Update user code entropy configuration details
  Clarified the description of user code entropy options and their implications for user entry.
* chore: Revise Device Authorization Grant documentation
  Updated the description and steps for the Device Authorization Grant to clarify the process and correct terminology.
* chore: Update device authorization flow steps and formatting
* chore: Added image for device authorization flow
  Added an image to illustrate the device authorization flow.
* chore: Fix image path for device authorization flow
* chore: Integrate Mermaid diagram for device authorization flow
  Added a sequence diagram to illustrate the device authorization flow using Mermaid.
* Update docs/oauth2-oidc/device-authorization.mdx
  Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
* Update docs/oauth2-oidc/device-authorization.mdx
  Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
* Update docs/oauth2-oidc/device-authorization.mdx
  Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
* Update docs/oauth2-oidc/device-authorization.mdx
  Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
* Update docs/oauth2-oidc/device-authorization.mdx
  Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
* Update docs/oauth2-oidc/device-authorization.mdx
  Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
* chore: address review comments and format
* chore: add to sidebar
* chore: fix grammar and typos
---------
Co-authored-by: unatasha8 <una.cogavin@ory.sh>
Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
Co-authored-by: vinckr <vincent@ory.sh>
* chore: migration guide updates
* chore: migration guide updates
* chore: migration guide updates
* chore: edits to migration guide
* docs: updated migration strategies and identity schema content
* Update docs/migrate-to-ory/migrate/create-project.mdx
  Co-authored-by: Jonas Hungershausen <jonas.hungershausen@ory.sh>
* docs: final review comments
* chore: format
* chore: formatting fixes
* chore: fixed tabs again
* chore: formatting fixes
* chore: fix formating
* chore: fix formatting
* chore: fix formating again
* Update docs/migrate-to-ory/migrate/migrate-strategies.mdx
  Co-authored-by: Jonas Hungershausen <jonas.hungershausen@ory.sh>
* docs: switch to calendar-based unified versioning (#2326)
* docs: switch to calendar-based unified versioning
* Update docs/ecosystem/upgrading.mdx
* Update docs/ecosystem/upgrading.mdx
* Update docs/ecosystem/upgrading.mdx
* Update docs/ecosystem/upgrading.mdx
* Update docs/ecosystem/upgrading.mdx
* Update docs/ecosystem/upgrading.mdx
* chore: format
---------
Co-authored-by: unatasha8 <una.cogavin@ory.sh>
Co-authored-by: vinckr <vincent@ory.sh>
* docs: add device flow documentation (#2026)
* docs: add device flow documentation
* chore: Refine device verification UI section wording
* chore: Update user code entropy configuration details
  Clarified the description of user code entropy options and their implications for user entry.
* chore: Revise Device Authorization Grant documentation
  Updated the description and steps for the Device Authorization Grant to clarify the process and correct terminology.
* chore: Update device authorization flow steps and formatting
* chore: Added image for device authorization flow
  Added an image to illustrate the device authorization flow.
* chore: Fix image path for device authorization flow
* chore: Integrate Mermaid diagram for device authorization flow
  Added a sequence diagram to illustrate the device authorization flow using Mermaid.
* Update docs/oauth2-oidc/device-authorization.mdx
  Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
* Update docs/oauth2-oidc/device-authorization.mdx
  Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
* Update docs/oauth2-oidc/device-authorization.mdx
  Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
* Update docs/oauth2-oidc/device-authorization.mdx
  Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
* Update docs/oauth2-oidc/device-authorization.mdx
  Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
* Update docs/oauth2-oidc/device-authorization.mdx
  Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
* chore: address review comments and format
* chore: add to sidebar
* chore: fix grammar and typos
---------
Co-authored-by: unatasha8 <una.cogavin@ory.sh>
Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
Co-authored-by: vinckr <vincent@ory.sh>
* fix: high-perf pooling doc (#2332)
* fix: high-perf pooling doc
* chore: apply suggestion from code review
  Co-authored-by: hackerman <3372410+aeneasr@users.noreply.github.com>
* chore: apply suggestion from code review
  Co-authored-by: hackerman <3372410+aeneasr@users.noreply.github.com>
* chore: apply suggestions from code review
  Co-authored-by: Arne Luenser <arne.luenser@ory.sh>
* chore: omit slop
---------
Co-authored-by: hackerman <3372410+aeneasr@users.noreply.github.com>
Co-authored-by: Arne Luenser <arne.luenser@ory.sh>
* chore(docs): update of OEL images (#2337)
  chore(docs): update OEL image tag
* autogen(docs): generate cli docs
* autogen(docs): generate cli docs
* autogen(docs): generate cli docs
* chore: added oel configuration schemas (#2279)
* WIP
* temp hack for oathkeeper schema id
* temp hack for oathkeeper schema id
* revert schema urls
* - added new config pages for OEL - updated dep - resolve internal refs in ory resolvers correctly
* docs: bump to 99e1d24edde1c46372cb61a1839961fde59dba8b
* chore: clarify webhook config update (#2339)
* fix: organizations docs (#2334)
* feat: flutter quickstart (#2241)
* flutter quickstart update
* updating docs to handle the .env misnaming in the pubspec and the port mismatch
* resolving default import issue with mdx for .env ref
* doc change for flutter quickstart
* fix: format
* update: pubspec.lock
* update: pubspec
* update: pubspec to higher version
* update: packages
* debug: test
* debug: test
* upgrade: flutter to latest version|
* remove: web renderer option for flutter
* feat: add kratos webhook header allowlist config details (#2100)
* feat: add kratos webhook header allowlist config details
  Signed-off-by: Mia <m@yarn.network>
* fix: wording
  Signed-off-by: Mia <m@yarn.network>
---------
Signed-off-by: Mia <m@yarn.network>
* chore: migration guide updates
* chore: migration updates
* chore: migration guide updates
* chore: update migration guide
---------
Signed-off-by: Mia <m@yarn.network>
Co-authored-by: Jonas Hungershausen <jonas.hungershausen@ory.sh>
Co-authored-by: Adam Wałach <adam.walach@gmail.com>
Co-authored-by: vinckr <vincent@ory.sh>
Co-authored-by: Nikos Sklikas <nikos.sklikas@canonical.com>
Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
Co-authored-by: hackerman <3372410+aeneasr@users.noreply.github.com>
Co-authored-by: Arne Luenser <arne.luenser@ory.sh>
Co-authored-by: ory-bot <60093411+ory-bot@users.noreply.github.com>
Co-authored-by: Deepak Prabhakara <deepak.prabhakara@ory.sh>
Co-authored-by: Parth <46842784+pi1814@users.noreply.github.com>
Co-authored-by: Mia <m@yarn.network>
Related Issue or Design Document
Adds docs for the device flow as implemented in ory/hydra#3912.
Checklist
If this pull request addresses a security vulnerability, I confirm that I got approval (please contact security@ory.sh) from the maintainers to push the changes.
Further comments
I am not sure if this is the right place to place the doc. The rest of the docs in that folder do not reference hydra configurations, but the docs in the hydra folder do not seem to document oauth2/oidc flows. Please let me know if there is a better place for it.