The redirect-based OAuth 2.0 flows assume one thing: the user has a browser on the same device where your app runs. Smart TVs, IoT sensors, and CLI tools break that assumption. If your application runs somewhere a browser isn’t practical or doesn’t exist, you need a different mechanism. The Device Authorization Flow (standardized in RFC 8628) was designed for exactly this scenario.

read more