跳转到内容
Sudomimus

Overview

查看 Markdown

Device authorization API for public clients.

Sudomimus Device 1.0.0

Section titled “Sudomimus Device 1.0.0”

The Device API is the public entry point for generic device-code authorization. CLIs, launchers, and other public clients ask for a deviceCode / userCode pair, send the user to the browser-based Sudomimus approval page, then poll until the approved session can be exchanged for ordinary Sudomimus application tokens.

This API is deliberately separate from Connect and Native:

  • Connect /establish is signed by a confidential application client.
  • Native direct-issue verifies a platform credential such as a Steam ticket or access key.
  • Device authorization has no client secret. The application opts in with a Layer 3 DEVICE_CODE ReturnRule, and the user approves the displayed code in the browser.

After a successful /device-token exchange, the returned refresh token is a normal Sudomimus application refresh token. Use the Connect API for later /refresh, /logout, /introspect, and /revoke-all operations.

Information

  • License: MIT
  • OpenAPI version: 3.1.0

Operations

Section titled “ Operations ”
GET
/health
POST
/device-authorize
POST
/device-token