Spec for MSC4341: Support for RFC 8628 Device Authorization Grant #2320
Open
hughns wants to merge 2 commits into matrix-org:main from
sandhose reviewed Feb 24, 2026
| {{% added-in v="1.18" %}} | ||
|
|
||
| The device authorization flow allows clients on devices with limited input | ||
| capabilities (such as CLI applications or embedded devices) to obtain an |
Member
I would argue that it's also useful for native desktop apps. I can see how Element Web could switch to it on desktop, as sometimes the redirect isn't reliable
| | `device_code` | The device verification code. | | ||
| | `user_code` | An end-user verification code. | | ||
| | `verification_uri` | The end-user verification URI on the authorization server. | | ||
| | `verification_uri_complete` | Optionally, the URI including the `user_code`, so the user does not need to type it in manually. | |
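Review bot: The `device_code` and `user_code` rows are described almost identically ("The device verification code." and "An end-user verification code."), so a reader cannot tell from the table which value is shown to the user and which stays with the client. Suggest saying in the `device_code` row that the client keeps it and sends it only to the token endpoint, and in the `user_code` row that it is the value the user enters at `verification_uri`.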
Member
It technically doesn't require the user_code in the URI but rather information that substitutes the end-user entering that code
The RFC says:
> OPTIONAL. A verification URI that includes the "user_code" (or
> other information with the same function as the "user_code"),
> which is designed for non-textual transmission.
Suggested change
| | `verification_uri_complete` | Optionally, the URI including the `user_code`, so the user does not need to type it in manually. | | |
| | `verification_uri_complete` | Optionally, the URI which doesn't require the user to manually type the `user_code`, designed for non-textual transmission. | |
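The point raised in this thread, as an added example (not code from the pull request or from any Matrix project): a client treats `verification_uri_complete` as an opaque URI for QR-style transmission and keeps `verification_uri` plus `user_code` as the typed fallback. The function names, the sample response and the https-only rule are assumptions of this example.

```python
from urllib.parse import urlsplit

# Constructed sample response; every value is made up for illustration.
SAMPLE = {
    "device_code": "constructed-device-code",
    "user_code": "ABCD-EFGH",
    "verification_uri": "https://auth.example.org/link",
    # Carries an opaque token rather than the user_code itself.
    "verification_uri_complete": "https://auth.example.org/link?t=opaque-token",
}
REQUIRED = ("device_code", "user_code", "verification_uri")


def checked_uri(value, field):
    """Return value if it is an absolute https URI (this example's policy)."""
    parts = urlsplit(value) if isinstance(value, str) else None
    if parts is None or parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"{field} must be an absolute https URI")
    return value


def plan_user_prompt(response):
    """Return what to show the user: text_uri, user_code and scan_uri (or None)."""
    for field in REQUIRED:
        if not isinstance(response.get(field), str) or not response[field]:
            raise ValueError(f"missing or empty {field}")
    scan_uri = None
    complete = response.get("verification_uri_complete")
    if complete is not None:
        # Opaque: it may hold "other information with the same function" as the
        # user_code, so never parse it, search it for the code, or rebuild it.
        scan_uri = checked_uri(complete, "verification_uri_complete")
    return {
        # Typed or opened by hand, together with user_code.
        "text_uri": checked_uri(response["verification_uri"], "verification_uri"),
        # Still shown when scan_uri exists, so the user can compare codes.
        "user_code": response["user_code"],
        # Target for a QR code or similar; None means fall back to text_uri.
        "scan_uri": scan_uri,
        # device_code is left out on purpose: it goes only to the token endpoint.
    }


if __name__ == "__main__":
    print(plan_user_prompt(SAMPLE))
```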
Comment on lines +70 to +71
| URL of the token endpoint, necessary to use the authorization code grant, | ||
| device authorization grant and the refresh token grant. |
Member
Suggested change
| URL of the token endpoint, necessary to use the authorization code grant, | |
| device authorization grant and the refresh token grant. | |
| URL of the token endpoint, necessary to use the authorization code grant, | |
| device authorization grant and refresh token grant. |
or
Suggested change
| URL of the token endpoint, necessary to use the authorization code grant, | |
| device authorization grant and the refresh token grant. | |
| URL of the token endpoint, necessary to use the authorization code grant, | |
| the device authorization grant and the refresh token grant. |
For MSC4341.
Pull Request Checklist
Signed-off-by: Hugh Nimmo-Smith <hughns@element.io>
Preview: https://pr2320--matrix-spec-previews.netlify.app