Authorization; Identity Relationships

  • TYPE: Expert Talk DATE: Thursday, May 17, 2018 TIME: 12:00-13:00 LOCATION: WINTER GARDEN
Experts Stage III

Authorization for the IoT: The OAuth Device Grant Flow

OAuth is well established as the go to protocol for API security, but there are still a few application types out there that struggle to securely fit into the OAuth story. This includes devices where user input is tricky, where data entry uses a tv remote control, and everyone gets to see you slowly type in your password. Or devices where there is no browser, where the dreaded Resource Owner Password Credentials grant type still reigns.

Finally, there is a solution, with the all new Device flow for OAuth, specially designed for browserless platforms or devices with limited input methods. In this talk we’ll see the device flow in action by extending IdentityServer 4, an open source OpenID Connect and OAuth written in .NET, and look at how it is an improvement on existing solutions using real world scenarios where it should be used.

Key Takeaways:

  • How existing methods for authorizing browserless or input constrained devices are just not secure enough
  • How the OAuth Device flow can provide a secure and simple user experience
  • How Single Sign On can be achieved for browserless devices

Log in to download presentations:  


Scott Brady is a software developer and Pluralsight author specialising in identity and access management. Focusing on ASP.NET, Scott has increasingly found himself in undocumented territory, piecing together the facts and attempting to pass them on so that others don’t have to go through...


Session Links

Munich, Germany


European Identity & Cloud Conference 2018

Registration fee:
€1980.00 $2475.00 S$3168.00 21780.00 kr
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Levent Kara
+49 211 23707710
  • May 15 - 18, 2018 Munich, Germany