feat: Add support for device code grant #229

SimonVanacco · 2025-03-25T18:24:27Z

This PR adds support for device code grants, which has been available for some time in oauth2-server

Ready to be tested, I'd love to get some feedback if you think some areas could be improved !

Design considerations

I've decided to let end-users handle the device code verification page on their own. This is to prevent having to require twig in the bundle itself and create more complexity to accommodate all use cases. An example controller has been added in the documentation
This does not support verification_uri_complete, only verification_uri
Logic for code approval is in DeviceCodeRepository::approveDeviceCode. I was unable to re-use the logic from oauth2-server as they fetch the code by "device_code" instead of by "user_code". Not sure if this is a mistake in the parent bundle or some use-case I don't understand, but it does not accommodate most people use-cases. I'm open to moving the logic somewhere else if you find a better place for it !
I've added some basic tests but this is not my strong suit : please let me know if I missed something :)

chalasr

Thanks for the PR! Can you rebase it? Here are some comments also

docs/device-code-grant.md

src/Manager/Doctrine/DeviceCodeManager.php

SimonVanacco · 2025-04-26T08:27:32Z

Hi @chalasr

I'm not entirely sure I understood correctly what you wanted for the docs/device-code-grant.md improvements, but I tried my best to fit to your feedback :)

PR is rebased !

Mika56 · 2025-10-20T08:47:17Z

Interested in this PR, but there's been no activity for a few months. Anything we can do to help?

Renrhaf · 2025-10-21T11:26:16Z

+1 interested as well !

ajgarlag

Thank you for your work here. I've managed to create a working demo. I've reviewed your code and added some suggestions.

ajgarlag · 2025-11-07T10:28:04Z

src/DependencyInjection/Configuration.php

+                ->scalarNode('device_code_polling_interval')
+                    ->info('How soon (in seconds) can the device code be used to poll for the access token without being throttled')
+                    ->defaultValue(5)
+                ->end()


I'd like to have an option to enable verification_uri_complete generation, and another one to enable polling interval visibility in the device authorization response.

Suggested change

->scalarNode('device_code_polling_interval')

->info('How soon (in seconds) can the device code be used to poll for the access token without being throttled')

->defaultValue(5)

->end()

->booleanNode('enable_device_code_verification_uri_complete_generation')

->info('Whether to enable the generation of verification_uri_complete')

->defaultTrue()

->end()

->scalarNode('device_code_polling_interval')

->info('How soon (in seconds) can the device code be used to poll for the access token without being throttled')

->defaultValue(5)

->end()

->booleanNode('enable_device_code_polling_interval_visibility')

->info('Whether to enable the visibility of polling interval')

->defaultTrue()

->end()

ajgarlag · 2025-11-07T10:29:42Z

src/Manager/DeviceCodeManagerInterface.php

+    /**
+     * @param bool $persist Set to true when creating a new device code
+     */
+    public function save(DeviceCodeInterface $deviceCode, bool $persist = true): void;


We can get rid of the boolean argument, like any other manager.

Suggested change

/**

* @param bool $persist Set to true when creating a new device code

*/

public function save(DeviceCodeInterface $deviceCode, bool $persist = true): void;

public function save(DeviceCodeInterface $deviceCode): void;

ajgarlag · 2025-11-07T10:31:27Z

src/Repository/ClientRepository.php

    }

-    private function buildClientEntity(ClientInterface $client): ClientEntity
+    public function buildClientEntity(ClientInterface $client): ClientEntity


Why is this changed needed?

ajgarlag · 2025-11-07T10:47:05Z

src/Repository/DeviceCodeRepository.php

+        $deviceCode = $this->deviceCodeManager->find($deviceCodeEntity->getIdentifier());
+        $newDeviceCode = false;
+
+        if ($deviceCode) {
+            if ($deviceCodeEntity->getLastPolledAt()) {
+                $deviceCode->setLastPolledAt($deviceCodeEntity->getLastPolledAt());
+            }
+        } else {
+            $newDeviceCode = true;
+            $deviceCode = $this->buildDeviceCodeModel($deviceCodeEntity);
+        }
+
+        $this->deviceCodeManager->save($deviceCode, $newDeviceCode);


I think there is no need to update the lastPolledAt property. DeviceGrant is already doing it

I think this method should build a new DeviceCode model if not exists (buildDeviceCodeModel), or update it (I would add a updateDeviceCodeModel method) with the values of the received DeviceCodeEntityInterface and finally save it to the DeviceManagerInteface

ajgarlag · 2025-11-07T11:16:18Z

src/DependencyInjection/Configuration.php

+                ->scalarNode('device_code_verification_uri')
+                    ->info('The full URI the user will need to visit to enter the user code')
+                    ->defaultValue('')
+                ->end()


It would be great if we could use a route name here too. If we detect that the value is not an absolute path nor and absolute URL, we could use the URL generator service to generate the URI.

ajgarlag · 2025-11-07T12:39:17Z

src/Repository/DeviceCodeRepository.php

+        $this->deviceCodeManager->save($deviceCode, $newDeviceCode);
+    }
+
+    public function approveDeviceCode(string $userCode, string $userId): void


I'm not sure whether this method should be included in the bundle. I've created a working demo that doesn't use this it.

Either way, I'll move this method to the DeviceCodeManagerInterface and rename it resolveDeviceCode, adding a third required boolean parameter to indicate whether the request has been approved.

SimonVanacco mentioned this pull request Mar 25, 2025

Discussion : support for device authorization flow (RFC8628) #226

Closed

chalasr requested changes Apr 17, 2025

View reviewed changes

docs/device-code-grant.md Outdated Show resolved Hide resolved

docs/device-code-grant.md Outdated Show resolved Hide resolved

docs/device-code-grant.md Show resolved Hide resolved

src/Manager/Doctrine/DeviceCodeManager.php Show resolved Hide resolved

SimonVanacco added a commit to SimonVanacco/oauth2-server-bundle that referenced this pull request Apr 26, 2025

fix: feedback from PR thephpleague#229

76db145

SimonVanacco added 2 commits April 26, 2025 10:09

feat: Add support for device code grant

aff8bfb

fix: lint and static analysis

515c942

SimonVanacco force-pushed the master branch from ba183bf to 515c942 Compare April 26, 2025 08:22

fix: feedback from PR thephpleague#229

3d3ceaa

ajgarlag suggested changes Nov 7, 2025

View reviewed changes

feat: Add support for device code grant #229

Are you sure you want to change the base?

feat: Add support for device code grant #229

Uh oh!

Conversation

SimonVanacco commented Mar 25, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Design considerations

Uh oh!

chalasr left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

SimonVanacco commented Apr 26, 2025

Uh oh!

Mika56 commented Oct 20, 2025

Uh oh!

Renrhaf commented Oct 21, 2025

Uh oh!

ajgarlag left a comment

Choose a reason for hiding this comment

Uh oh!

ajgarlag Nov 7, 2025

Choose a reason for hiding this comment

Uh oh!

ajgarlag Nov 7, 2025

Choose a reason for hiding this comment

Uh oh!

ajgarlag Nov 7, 2025

Choose a reason for hiding this comment

Uh oh!

ajgarlag Nov 7, 2025

Choose a reason for hiding this comment

Uh oh!

ajgarlag Nov 7, 2025

Choose a reason for hiding this comment

Uh oh!

ajgarlag Nov 7, 2025

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

SimonVanacco commented Mar 25, 2025 •

edited

Loading