how does criteria work about on-device-authentication?

Question

Hi, I'm&nbsp;preparing for certification&nbsp;and struggling with implementing on-device-authentication.But I wonder if I have to exactly follow the flow shown as follows:&nbsp;To be more specific, is it possible to store customers email, password directly to Roku cloud and device registry instead of storing access token?&nbsp;It's still adhere to the criteria "Channels must complete account sign-ups and sign-ins on the device using On-device authentication, without visiting an external webpage"....

RokuJonathanD · Answer

Hi&nbsp;simssons2,
The customer's personal information may not be stored in the Roku Cloud or in the device registry. You can store an&nbsp;access token, oAuth token, or some other authentication artifact.

JSTStuadr · Answer

We too have this issue.&nbsp;So now we can't use Oauth2.0 Device Flow or Auth Code flow ? All Idp we use to authenticate our users using&nbsp;Oauth2.0 are not supported on Roku.&nbsp;

RokuJonathanD · Answer

You can use the client credential oAuth 2.0 flow to get an access token and store it in the Roku Cloud. You can then subsequently get a refresh token upon validating a subscription and then store it in the Roku Cloud.&nbsp;

sanity-check · Answer

Hi&nbsp;RokuJonathanD&nbsp;, I read your comment above and wondered if I've been missing something big - our interpretation of the new rule is that it prevents any kind of 3rd-party login so we're basically ditching 1/3 of our users in the next release of one app. Communication from RPS has aligned with this viewpoint, we've been advised to make changes to our infrastructure to enable Facebook (etc) users to convert to "real" username/password accounts on the service - but there are so many third parties involved and no non-Roku business case for doing it that it's not going to happen.&nbsp;Reading about the "client credential oAuth 2.0. flow", it's described as:The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user. This is typically used by clients to access resources about themselves rather than to access a user's resources.I don't yet see how it helps us authenticate a user of our service, could you give some further hints?

nest22 · Answer

Hello I am working with roku cloud, I have problems obtaining the token that I store in roku cloud, I get it but it is empty, to upload I have no problems, everything works fine, I need help

Forum Discussion

how does criteria work about on-device-authentication?

Related Content

On-device authentication edge case

Question about on device authentication

Certification criteria 4.4. Focused Full-Screen Playback

On Device Authentication Security

Child-directed content cert. criteria 1.5 question

Recent Discussions

Remotes and apps

List of Third-party Roku Channel Developers for hire

Roku took down my channel without explanation

On-device authentication edge case

RokuPay API Not Triggering After App Publication