PSA to all TV app developers: when a user first signs-in please add a QR code that contains the “sign-in through your browser” URL along with the unique code as a query parameter. It will delight your users who have a phone that supports it (most do now) Examples 👇
6
4
48
Replying to @_jayphelps
I'm very curious why the code but not the QR is obfuscated in the first one, but the QR and not the code is obfuscated in the second one... they contain the same data! But yes this is a good UX improvement on top of the OAuth device flow 👍

Jan 5, 2022 · 6:05 AM UTC

1
1
Replying to @aaronpk
I thought the exact same thing but was too lazy to get my laptop out so I could scan the pictures with my phone to check if they indeed contain the unique code too or just the same generic URL 😂 in case it wasn’t obvious they’re not my screenshots. Hopefully the codes expire.
1
They do! They also don't (can't) contain any identifying information at this stage in the flow. The only risk in sharing these screenshots is if you share them within like 10 minutes of seeing it, and then the "attacker" can log in their account to your TV so 🤷‍♂️
2
more replies