Implement OAuth 2.0 Device Authorization Grant (RFC 8628)#75
Closed
It seems like it's a bit too restrictive to use the `client_secret` in the standard OAuth authorization code flow with a `localhost` redirect URI, especially on Microsoft services. Many users of corporate Microsoft accounts (for me, in a university setting) do not have the capability to register an OAuth application to their tenant, and it seems like this is affecting even personal Outlook accounts now (#73). This PR addresses this by implementing the alternative OAuth device code flow, whereby the user has to manually input an authorization code when logging in, i.e.: ``` Visit: https://microsoft.com/devicelogin and enter the code: AA8DVLGU8 ``` For example, Mozilla Thunderbird uses this flow to authenticate OAuth accounts now also. Example working config excerpt: ```yaml services: microsoft: auth_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/devicecode client_id: 9e5f94bc-e8a4-4e73-b8be-63364c29d753 tenant: common ``` Related issues: #73 #74 #41
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by NickHu and has received 6 comments.
Add a comment
Comment form would go here