Adding device code as grant type to existing application

Hi all,

We currently have an Angular application that calls our API in a secured way with access tokens thanks to Auth0.
On the Auth0 side we created a SPA application and everything works perfectly fine so far.

We started developing a mobile application that will call our API directly. As mobiles are input constrained devices we were thinking about using the Device Authorization Flow to remove some login pain to our customers.

From my understanding, to enable the Device Authorization Flow we have to create a new “Native” Auth0 application and use it to request and validate access tokens.
This means I would have to migrate my API and Angular application to use this new “Native” Auth0 application.
Did I miss something ?
Is there a way to avoid this migration by adding the device code as grant type to my existing SPA Auth0 application ?
Or would that cause any security issue ?

Cheers

Hello @tchassagnette!

To call an API from an input-constrained device using the Device Authorization flow does require a Native App made in your tenant. You should be able to keep the API as is. I found a tutorial on how to set up this flow as well as an interactive Device Flow Playground which should help you familiarize yourself with the flow.

Let me know if you have any other questions and I hope this helps!

Best,
Alex