fix: enforce device authorization grant type (#400)

2026-05-06 18:49:31 -05:00 · 2023-05-26 11:52:35 +03:00
parent 09bdd1dca2
commit a4dbe2a973
4 changed files with 46 additions and 5 deletions
@@ -193,6 +193,24 @@ func WebClient(id, secret string, redirectURIs ...string) *Client {
 	}
 }

+// DeviceClient creates a device client with Basic authentication.
+func DeviceClient(id, secret string) *Client {
+	return &Client{
+		id:                             id,
+		secret:                         secret,
+		redirectURIs:                   nil,
+		applicationType:                op.ApplicationTypeWeb,
+		authMethod:                     oidc.AuthMethodBasic,
+		loginURL:                       defaultLoginURL,
+		responseTypes:                  []oidc.ResponseType{oidc.ResponseTypeCode},
+		grantTypes:                     []oidc.GrantType{oidc.GrantTypeDeviceCode},
+		accessTokenType:                op.AccessTokenTypeBearer,
+		devMode:                        false,
+		idTokenUserinfoClaimsAssertion: false,
+		clockSkew:                      0,
+	}
+}
+
 type hasRedirectGlobs struct {
 	*Client
 }