Taka, My reading is that the device flow, like other OAuth flows, does not prohibit extension, including passing back identity assertions like the ID Token. Since it inherits the token response from core OAuth 2, the ID Token could be issued along side the access token just like in the authorization code flow.The user is present and interacting at the AS in both cases. In fact, I’d say that there are enough similarities between the two that for the most part it should “just work” and fit the assumptions of most clients. That said, it’s technically true that there is no defined profile for the combination of the device flow and OIDC, but if something like that were to be written it would be better fit to the OpenID Foundation.
— Justin On Jun 20, 2019, at 6:32 PM, Takahiko Kawasaki <t...@authlete.com<mailto:t...@authlete.com>> wrote: Hello, Do you have any plan to update the specification of Device Flow to support issue of ID tokens? OAuth 2.0 Device Authorization Grant https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/?include_text=1 Best Regards, Takahiko Kawasaki _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth