Monday 06 July 2026 09:19:37 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Device Code Flow

An OAuth method that lets a user sign in on one device by entering a code on another device.

Device Code Flow is an OAuth sign-in method designed for devices that cannot comfortably type a username and password, such as smart TVs, consoles, or command-line tools. The user starts authentication on one device, receives a short code, and enters that code on another device to complete sign-in. The app never sees the password directly.

In cyber security, this flow matters because it can be abused in phishing and consent attacks. An attacker can present a fake login prompt, persuade a victim to enter the code on a legitimate identity page, and then capture an authenticated session or request cloud app permissions. Defenders should monitor for unusual device-code activity, restrict where the flow is allowed, limit user consent, and prefer phishing-resistant MFA where possible. The core risk is that a real sign-in flow can still be used for unauthorized access.

← WIKICROOK index