TsgcHTTP_OAuth2_Server › Events › OnOAuth2DeviceCodeVerification
Fires when the user submits a user_code on the device verification page (RFC 8628) so the application can authorize or deny the device.
property OnOAuth2DeviceCodeVerification: TsgcHTTPOAuth2DeviceCodeVerificationEvent;
// TsgcHTTPOAuth2DeviceCodeVerificationEvent = procedure(Sender: TObject; Connection: TsgcWSConnection; const UserCode: String; var Authenticated: Boolean) of object—
OnOAuth2DeviceCodeVerification is raised when a user enters a user_code on the device verification page (the URL exposed by OAuth2Options.DeviceAuthorization.VerificationURL) and submits it to link the device to the user's session (RFC 8628). UserCode is the code typed by the user; perform any additional checks (match with the authenticated user, enforce MFA, audit the approval) and set Authenticated to True to approve the pending device authorization so the device's next poll to the token endpoint succeeds, or leave it False to reject the code and keep the device pending.
procedure OnOAuth2DeviceCodeVerification(Sender: TObject; Connection: TsgcWSConnection;
const UserCode: string; var Authenticated: Boolean);
begin
// approve the pending device after the user has signed in
Authenticated := IsUserCodeValid(UserCode) and UserSessionIsTrusted(Connection);
end;