Limited Input Devices

Limited input devices are devices that don't have a user agent, such as a web browser. OAuth can be implemented with Zoho on limited input devices such as smart TVs and printers.

Terminology

User Code: A unique code used to identify the end-user.

Device Code: A unique code used to identify the limited input device.

Verification URL: A URL the user must navigate to on a device with better input capabilities and enter the user code. The URL must also prompt authorization to the user.

Access Token: An end-user authorized key that lets the client access protected resources from the resource server. The client can make API calls using this access token for up to an hour after the creation of the access token.

User protocol flow

  1. The user opens the client's application on the limited input device where the user code and verification URL are displayed.
  2. On a different device with a browser, the user navigates to the verification URL and enters the user code.
  3. The user enters their login credentials and authorizes the access.