TelenorID+ Device Authorization Endpoint

/deviceauthorization

The /deviceauthorization API is used to to start a end-user login from a device without good text input. Eg. T-we setupboxes, smart-TV’s. This endpoint implements the RFC 8628 standard.

Prerequists

This end-point sets the following prerequists to the device and the end-user:

The device is already connected to the Internet.
The device is able to make outbound HTTPS requests.
The device is able to display or otherwise communicate a URI and code sequence to the user.
The user has a secondary device (e.g., personal computer or smartphone) from which they can process the request.

Flow

  +----------+                                +----------------+
  |          |>---(A)-- Client Identifier --->|                |
  |          |                                |                |
  |          |<---(B)-- Device Code,      ---<|                |
  |          |          User Code,            |                |
  |  Device  |          & Verification URI    |                |
  |  Client  |                                |                |
  |          |  [polling]                     |                |
  |          |>---(E)-- Device Code       --->|                |
  |          |          & Client Identifier   |                |
  |          |                                |  Authorization |
  |          |<---(F)-- Access Token      ---<|     Server     |
  +----------+   (& Optional Refresh Token)   |                |
        v                                     |                |
        :                                     |                |
       (C) User Code & Verification URI       |                |
        :                                     |                |
        v                                     |                |
  +----------+                                |                |
  | End User |                                |                |
  |    at    |<---(D)-- End user reviews  --->|                |
  |  Browser |          authorization request |                |
  +----------+                                +----------------+

See the RFC 8628 standard for a more detailed description of the flow chart.

Input

The endpoint supports HTTP GET

Parameter	Description	Required
`client_id`	identifier of the client	True
`client_secret`	client secret either in the post body, or as a basic authentication header.	False
`scope`	one or more registered scopes, see more info here	True

Response

Parameter	Description	Required
`device_code`	identifier of the client	True
`user_code`	A 9 digit verification code	False
`verification_uri`	The end-user verification URI on the authorization server. Default to: https://id.telenor.no/activate	True
`verification_uri_complete`	`verification_uri` + `user_code`, can be used to generate a QR-code that can be scanned by the end-user	True
`expires_in`	The lifetime in seconds of the `device_code` and `user_code`. Default value: `1800` - 30 minutes.	True
`interval`	The minimum amount of time in seconds that the client SHOULD wait between polling requests to the token endpoint. Default value:	True