From 82099ce7f31697586a431f17d039e118d251452c Mon Sep 17 00:00:00 2001 From: Konstantinos Georgilakis Date: Tue, 17 Jan 2023 10:33:55 +0200 Subject: [PATCH] Short verification_uri for Device Authorization Request --- server_admin/topics/sso-protocols/con-oidc-auth-flows.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server_admin/topics/sso-protocols/con-oidc-auth-flows.adoc b/server_admin/topics/sso-protocols/con-oidc-auth-flows.adoc index c87ed19efe..e541c41daa 100644 --- a/server_admin/topics/sso-protocols/con-oidc-auth-flows.adoc +++ b/server_admin/topics/sso-protocols/con-oidc-auth-flows.adoc @@ -77,7 +77,7 @@ See the <<_service_accounts,Service Accounts>> chapter for more information. This is used by clients running on internet-connected devices that have limited input capabilities or lack a suitable browser. Here's a brief summary of the protocol: . The application requests {project_name} a device code and a user code. {project_name} creates a device code and a user code. {project_name} returns a response including the device code and the user code to the application. -. The application provides the user with the user code and the verification URI. The user accesses a verification URI to be authenticated by using another browser. +. The application provides the user with the user code and the verification URI. The user accesses a verification URI to be authenticated by using another browser. You could define a short verification_uri that will be redirected to Keycloak verification URI (/realms/realm_name/device)outside Keycloak - fe in a proxy. . The application repeatedly polls {project_name} to find out if the user completed the user authorization. If user authentication is complete, the application exchanges the device code for an _identity_, _access_ and _refresh_ token. [[_client_initiated_backchannel_authentication_grant]]