Skip to content

docs(api): add OAuth device authorization flow documentation #15977

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dcramer merged 2 commits into from
Jan 14, 2026
Merged

docs(api): add OAuth device authorization flow documentation #15977

dcramer merged 2 commits into from
Jan 14, 2026
+173 −0

Conversation

@dcramer
Copy link
Member

@dcramer dcramer commented Jan 12, 2026

Add documentation for the OAuth 2.0 Device Authorization Grant (RFC 8628) to the API authentication docs.

This documents the device code flow implemented in getsentry/sentry@d4e4b74, which enables headless clients (CLI tools, CI/CD pipelines, Docker containers) to authenticate without a browser on the device.

The new section covers:

  • When to use the device flow vs standard OAuth
  • Requesting device codes from /oauth/device_authorization/
  • Displaying user codes and verification URLs
  • Polling the token endpoint with proper interval handling
  • Error responses (authorization_pending, slow_down, access_denied, expired_token)
  • Complete Python example implementation

@dcramer
docs(api): add OAuth device authorization flow documentation
db88b39 
Document the OAuth 2.0 Device Authorization Grant (RFC 8628) for
headless clients like CLI tools, CI/CD pipelines, and Docker containers.

Covers the complete flow: requesting device codes, displaying user
instructions, polling for tokens, and handling errors. Includes a
Python example implementation.
@vercel
Copy link

vercel bot commented Jan 12, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
sentry-docs Ready Ready Preview, Comment Jan 13, 2026 4:25pm
1 Skipped Deployment
Project Deployment Review Updated (UTC)
develop-docs Ignored Ignored Preview Jan 13, 2026 4:25pm

sentry[bot]
sentry bot reviewed Jan 12, 2026
View reviewed changes
docs/api/auth.mdx
if 'access_token' in result:
# Step 4: Success
print("Authentication successful!")
return result['access_token'], result['refresh_token']

This comment was marked as outdated.

Sign in to view

@codyde codyde self-requested a review January 12, 2026 23:57
BYK
BYK approved these changes Jan 13, 2026
View reviewed changes
docs/api/auth.mdx

#### Step 2: Display Instructions to User

Display the user code and verification URL to your user:
Copy link
Member

@BYK BYK Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to mention they can also launch verification_uri_complete for ease of access

betegon
betegon reviewed Jan 13, 2026
View reviewed changes
Copy link
Member

@betegon betegon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The endpoint URL is wrong. The actual implementation uses /oauth/device/code/, not /oauth/device_authorization/.

See the implementation PR: getsentry/sentry#105675

In src/sentry/web/urls.py:

re_path(r"^device/code/$", OAuthDeviceAuthorizationView.as_view()),

Changes needed:

  • https://sentry.io/oauth/device_authorization/https://sentry.io/oauth/device/code/
  • DEVICE_AUTH_URL = 'https://sentry.io/oauth/device_authorization/'DEVICE_AUTH_URL = 'https://sentry.io/oauth/device/code/'

betegon
betegon requested changes Jan 13, 2026
View reviewed changes
docs/api/auth.mdx Outdated
Request a device code from the device authorization endpoint:

```bash
curl -X POST https://sentry.io/oauth/device_authorization/ \
Copy link
Member

@betegon betegon Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the actual implementation uses /oauth/device/code/, not /oauth/device_authorization/.

See PR: getsentry/sentry#105675

In src/sentry/web/urls.py:

re_path(r"^device/code/$", OAuthDeviceAuthorizationView.as_view()),

Changes needed:

  • https://sentry.io/oauth/device_authorization/https://sentry.io/oauth/device/code/
  • DEVICE_AUTH_URL = 'https://sentry.io/oauth/device_authorization/'DEVICE_AUTH_URL = 'https://sentry.io/oauth/device/code/'

docs/api/auth.mdx Outdated
import requests

CLIENT_ID = 'your-client-id'
DEVICE_AUTH_URL = 'https://sentry.io/oauth/device_authorization/'
Copy link
Member

@betegon betegon Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same

@dcramer @claude
fix(api): correct device authorization endpoint URL
bdacbbf 
Change endpoint from /oauth/device_authorization/ to /oauth/device/code/
to match the actual implementation in sentry.

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@betegon betegon self-requested a review January 13, 2026 16:15
@dcramer
Copy link
Member Author

dcramer commented Jan 14, 2026

tbqh kind of surprised it fucked up the url like that - guessing it didnt review the entire commit

@dcramer dcramer merged commit 3489ddf into master Jan 14, 2026
14 checks passed
@dcramer dcramer deleted the docs/oauth-device-flow branch January 14, 2026 16:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@BYK BYK BYK approved these changes

@betegon betegon betegon approved these changes

@codyde codyde Awaiting requested review from codyde

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dcramer @BYK @betegon