I have not seen this as a requirement, but the devices that I’ve worked on were
not implemented or constrained in the same way that yours were. This seems like
it is a detail of that environment. That said, the device grant spec doesn’t
preclude the use of CORS on the device endpoint by being si
Hello *,
I recall implementing an early draft of this flow few years ago for a
client landscape composed primarily of older set-top boxes, old and new TV
models of various brands (LG, Samsung, Sony) and also HbbTV standards 1.5
and 2.0.
I remember having to set up CORS on both the device authoriz
