Using the Device Flow Servlet

If you wish to enable the device flow (RFC 8628), you should configure the servlet. You may either set a flag in the server tag to enable it, which simply accepts all defaults, or you may (and probably should) configure it explicitly. All of these attributes live in the deviceFlowServlet element of the configuration.

| Attribute | Required? | Default | Description |
|---|---|---|---|
| verificationURI | N | server + /device | The endpoint where the user goes to use their code. |
| authorizationURI | N | server + /device_authorization | The endpoint where the user goes to get a code. |
| interval | N | 5 | Time (in seconds by default, though you may specify units of sec or ms) that a user must wait between attempts to verify their code. This is enforced after the first attempt, which may be made immediately. |
| lifetime | N | current server default for authorization grant lifetimes | Time (in seconds by default, though you may specify units of sec or ms) for which a request to this service is valid. This will be the lifetime of the authorization grant for this request. If this is not set, the server-wide default for authorization grants is used. It may also be set on a per-client basis, which supersedes all other values. |
| codeChars | N | 234679CDFGHJKLMNPQRTVWXZ | A sequence of unique characters. These are used to construct user codes and, aside from the separator, only these are allowed. |
| codeLength | N | 9 | The number of characters (without separator) in a user code. An example with the default would be Q7D-XXR-P37, so there are 9 actual characters. The user is allowed to type these back with or without the separator. |
| codeSeparator | N | - (hyphen) | A character that is inserted between periods (see below) in the user code. |
| codePeriodLength | N | 3 | The number of characters of the code grouped together. For instance, if the characters for the code are ABC123DEF456, then (with the default separator): code period = 3 ==> ABC-123-DEF-456; code period = 4 ==> ABC1-23DE-F456; code period = 5 ==> ABC12-3DEF4-56 |

The aim of the code period length is to allow the user to visually group characters together, rather than simply trying to grok a long string.
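
How codeChars, codeLength, codeSeparator and codePeriodLength interact is sketched below as an added example; it is not OA4MP's own code, and all function names are hypothetical. It assumes separators are ignored wherever the user types them, and it computes the size of the code space that the interval setting helps protect against guessing.

```python
import math
import secrets

# Defaults from the attribute table above.
CODE_CHARS = "234679CDFGHJKLMNPQRTVWXZ"
CODE_LENGTH = 9
CODE_SEPARATOR = "-"
CODE_PERIOD_LENGTH = 3


def format_user_code(raw, period=CODE_PERIOD_LENGTH, sep=CODE_SEPARATOR):
    """Insert the separator after every `period` characters."""
    return sep.join(raw[i:i + period] for i in range(0, len(raw), period))


def generate_user_code(chars=CODE_CHARS, length=CODE_LENGTH):
    """Draw each character from a CSPRNG and return the displayed form."""
    raw = "".join(secrets.choice(chars) for _ in range(length))
    return format_user_code(raw)


def normalize_user_code(typed, chars=CODE_CHARS, length=CODE_LENGTH,
                        sep=CODE_SEPARATOR):
    """Return the bare code (no separators) or None if the input is invalid.

    Separators are optional and ignored wherever they appear (an assumption
    of this sketch); any other character outside `chars`, or a wrong
    length, rejects the input before any lookup is attempted.
    """
    raw = typed.strip().replace(sep, "")
    if len(raw) != length or any(c not in chars for c in raw):
        return None
    return raw


def code_entropy_bits(chars=CODE_CHARS, length=CODE_LENGTH):
    """Bits of entropy in a uniformly random code: length * log2(|chars|)."""
    if len(set(chars)) != len(chars):
        raise ValueError("codeChars must be a sequence of unique characters")
    return length * math.log2(len(chars))


if __name__ == "__main__":
    print(generate_user_code(), f"{code_entropy_bits():.1f} bits")
```

With the defaults this gives about 41 bits per code, so shortening codeLength or codeChars should be weighed against the configured interval and lifetime.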

An Example

This configuration has all of the defaults:

    <deviceFlowServlet
        authorizationURI="https://dev.cilogon.org/device_authorization"
        verificationURI="https://dev.cilogon.org/device"
        interval="5 sec."
        lifetime="1200 sec."
        codeChars="234679CDFGHJKLMNPQRTVWXZ"
        codeLength="9"
        codeSeparator="-"
        codePeriodLength="3"
    />

Note that if this is omitted, then there is no device flow enabled. If you want to use just the defaults for everything, you can use the rfc8628Enabled attribute (set to true) in the server tag instead. You should have one or the other, not both.