software you've purchased that auto-updates to a new version and makes you buy a new license is worse than software that is just a straight subscription model, just saying
Fair! Thankfully these codes come from the authorization server rather than the app, so unless you're also building our own AS there's less of a chance of messing that one up! Your comment about the QR code is spot on tho! That's an optimization the app dev can do for better UX
They do! They also don't (can't) contain any identifying information at this stage in the flow. The only risk in sharing these screenshots is if you share them within like 10 minutes of seeing it, and then the "attacker" can log in their account to your TV so 🤷♂️
I'm very curious why the code but not the QR is obfuscated in the first one, but the QR and not the code is obfuscated in the second one... they contain the same data! But yes this is a good UX improvement on top of the OAuth device flow 👍