Skip to content
Sudomimus

Overview

View as Markdown

Device authorization API for public clients.

Sudomimus Device 1.0.0

Section titled “Sudomimus Device 1.0.0”

The Device API is the public entry point for generic device-code authorization. CLIs, launchers, and other public clients ask for a deviceCode / userCode pair, send the user to the browser-based Sudomimus approval page, then poll until the approved session can be exchanged for ordinary Sudomimus application tokens.

This API is deliberately separate from Connect and Native:

  • Connect /establish is signed by a confidential application client.
  • Native direct-issue verifies a platform credential such as a Steam ticket or access key.
  • Device authorization has no client secret. The application opts in with a Layer 3 DEVICE_CODE ReturnRule, and the user approves the displayed code in the browser.

After a successful /device-token exchange, the returned refresh token is a normal Sudomimus application refresh token. Use the Connect API for later /refresh, /logout, /introspect, and /revoke-all operations.

Information

  • License: MIT
  • OpenAPI version: 3.1.0

Operations

Section titled “ Operations ”
GET
/health
POST
/device-authorize
POST
/device-token