authorization_ pending
Registry Context
A device authorization grant error indicating that the end user has not yet completed the authorization steps.
Technical Summary
A token endpoint error for the OAuth 2.0 Device Authorization Grant indicating that the authorization request remains pending.
When Used
Returned in a device authorization grant token response while the end user has not yet completed the user-interaction steps.
Normative Requirements
Clients
RFC 8628 - Section 3.5
wait at least the interval specified in the device authorization response, or 5 seconds if none was provided, and respect increases required by slow_down.
Condition: before each new polling request
Before each new request, the client MUST wait at least the number of seconds specified by the "interval" parameter [...] or 5 seconds if none was provided.
RFC 8628 - Section 3.5
stop polling.
Condition: if it receives an error response with any code other than authorization_pending or slow_down
If the client receives an error response with any other error code, it MUST stop polling.
RFC 8628 - Section 3.5
reduce its polling frequency before retrying.
Condition: when it encounters a connection timeout
On encountering a connection timeout, clients MUST unilaterally reduce their polling frequency before retrying.
RFC 8628 - Section 3.5
repeat the access token request to the token endpoint.
Condition: when it receives an authorization_pending error
The client SHOULD repeat the access token request to the token endpoint (a process known as polling).
RFC 8628 - Section 3.5
react appropriately to the error, for example by displaying an error to the user.
Condition: if it receives an error response with any code other than authorization_pending or slow_down
[It] SHOULD react accordingly, for example, by displaying an error to the user.
RFC 8628 - Section 3.5
use an exponential backoff algorithm, such as doubling the polling interval after each connection timeout.
Condition: when reducing polling frequency following connection timeouts
The use of an exponential backoff algorithm to achieve this [...] is RECOMMENDED.
Validation Guidance
When authorization_pending is received, the client repeats the token request only after waiting the required polling interval.
The client stops polling after receiving an error other than authorization_pending or slow_down.
After a connection timeout, the client reduces its polling frequency before retrying, preferably using exponential backoff.
authorization_pending is used as a token endpoint error for the device authorization grant while end-user interaction remains incomplete.
Reference
Details
- Entry Id
authorization_pending - Name
authorization_pending - Usage Location
Token endpoint response- Protocol Extension
RFC8628- Change Controller
IETF- Reference
RFC8628 - Section 3.5