This is really an extension to a blog I did in October 2015 - Device Authorization using OAuth2 and OpenAM , with an application written in Node.js using the newly released OpenAM 13.0. The basic flow hasn't really changed. Ultimately there is a client - the TV emulator - that communicates to OpenAM and the end user, with the end user also performing out-of-band operations via a device which has better UI capabilities - aka a tablet or laptop. The app boots and initiates a request to OpenAM to get a unique user and device code, prompting the user to hit a specific URL on their tablet. The user authenticates with the OpenAM resource server as necessary, enters the code and performs a consent dance to approve the request from the TV to be paired and retrieve data from the user's profile - in this case, overloading the postaladdress attribute in DJ to store favourite channel data. In the meantime, the TV client is performing a polling operation - checking with the OpenAM authoriza
Recipes for Digital Identity & Security