OAuth 2.0 Device Flow

Document Type Replaced Internet-Draft (individual)
Authors William Denniss  , Stein Myrseth  , John Bradley  , Michael Jones  , Hannes Tschofenig 
Last updated 2015-11-04
Replaced by RFC 8628
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-oauth-device-flow
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The device flow is suitable for OAuth 2.0 clients executing on devices which do not have an easy data-entry method (e.g., game consoles, TVs, picture frames, and media hubs), but where the end- user has separate access to a user-agent on another computer or device (e.g., desktop computer, a laptop, a smart phone, or a tablet). Note: This version of the document is a continuation of an earlier, long expired draft. The content of the expired draft has been copied almost unmodified. The goal of the work on this document is to capture deployment experience.


William Denniss (wdenniss@google.com)
Stein Myrseth (stein.myrseth@forgerock.com)
John Bradley (ve7jtb@ve7jtb.com)
Michael Jones (mbj@microsoft.com)
Hannes Tschofenig (Hannes.Tschofenig@gmx.net)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)