" The device code grant exists for legitimate reasons; I wouldn’t want to type a password into my printer or smart TV when I could use my phone."
i really shouldnt have to use a password to use my printer or my TV, but that spits out a, i really shouldnt have to connect my printer or TV to the internet to use it.
using a third device to authorize login to the second device, initiated by first device acting upon a webpage.
I mean, the device code grant was codified by the IETF in 2019[0]. That is no guarantee that it is 100% secure, but folks have spent time working to make it as safe as possible. There's also a Best Current Practice (BCP) doc[1] and if you have suggestions to improve the flow, they'd be welcomed.
i really shouldnt have to use a password to use my printer or my TV, but that spits out a, i really shouldnt have to connect my printer or TV to the internet to use it.
using a third device to authorize login to the second device, initiated by first device acting upon a webpage.
who is it that thinks this is secure access?