Non-browser devices

Non-browser devices are devices that don't have a user agent, such as a web browser. OAuth can be implemented with Zoho on non-browser devices such as smart TVs and printers.

OAuth flow for non-browser devices

Step 1: Client registration

Step 2: Initiation request

The device won't be able to get permission from the user directly, due to the lack of a browser. The device needs to make an initiation request to Zoho Accounts server to get:

user_code - this will be used to get permission from the user
verification_url - this is the URL that the user should access from a browser, and enter the user code in.
device_code - this will be used to get the access token (during polling request).

See API reference for initiation request

Step 3: Display the user code and verification URL to user

After the initiation request, the device must display the verification_URL and user_code to the user. The user can grant permission to the device by navigating to the verification_URL from their mobile phone or laptop and entering the user_code. Simultaneously, the device will have to send polling requests to the Zoho server.

When the user navigates to the verification_URL in a browser, the following screen will be shown, where the user needs to enter the user_code and click Verify. After clicking Verify, the required permissions will be shown. The user needs to grant permission by clicking Accept.

Step 4: Polling request

If the user has granted permission, the device can make requests to the Zoho server to get an access token. But the device won't know whether the user has granted permission or not. Hence, the device will have to keep polling requests to the server at a rate of 1 request per 30 seconds. The server will respond with a feedback response depending on the user's action. If the user has granted permission, the server will provide the access token to the device.

See API reference

Step 5: Access resources

Using the access token, the device can access the resources specified in the scope.