We currently have an Angular application that calls our API in a secured way with access tokens thanks to Auth0.
On the Auth0 side we created a SPA application and everything works perfectly fine so far.
We started developing a mobile application that will call our API directly. As mobiles are input-constrained devices, we were thinking about using the Device Authorization Flow to remove some login pain for our customers.
From my understanding, to enable the Device Authorization Flow we have to create a new “Native” Auth0 application and use it to request and validate access tokens.
This means I would have to migrate my API and Angular application to use this new “Native” Auth0 application.
Did I miss something?
Is there a way to avoid this migration by adding the device code as a grant type to my existing SPA Auth0 application?
Or would that cause any security issue?