feat(oauth): Implement OAuth 2.0 Device Authorization Flow (RFC 8628) #105675

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

dcramer merged 24 commits into master from oauth-device-flow

Jan 12, 2026

Merged

feat(oauth): Implement OAuth 2.0 Device Authorization Flow (RFC 8628) #105675

fix(oauth): Add trailing slash to device code endpoint URL

GitHub Advanced Security / CodeQL succeeded Jan 12, 2026 in 5s

3 new alerts including 3 medium severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

3 medium

See annotations below for details.

View all branch alerts.

Annotations

Check warning on line 187 in src/sentry/web/frontend/auth_login.py

Code scanning / CodeQL

URL redirection from remote source

Untrusted URL redirection depends on a [user-provided value](1). Untrusted URL redirection depends on a [user-provided value](2).

Check warning on line 256 in src/sentry/web/frontend/auth_login.py

Code scanning / CodeQL

URL redirection from remote source

Untrusted URL redirection depends on a [user-provided value](1). Untrusted URL redirection depends on a [user-provided value](2).

Check warning on line 523 in src/sentry/web/frontend/base.py

Code scanning / CodeQL

URL redirection from remote source

Untrusted URL redirection depends on a [user-provided value](1). Untrusted URL redirection depends on a [user-provided value](2). Untrusted URL redirection depends on a [user-provided value](3).