Hi all, It seems the word 'no' is missing in section 5.2 of the OAuth 2.0 Device flow:
As the device code is not displayed to the user and thus there are *NO* usability considerations on the length, a very high entropy code SHOULD be used. Best regards, Emond Papegaaij Topicus KeyHub _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth