| DeviceAuthorizationRequest | Represents a stored device authorization request as defined in RFC 8628. This record is used to persist the state of a device authorization flow between the initial request and when the user completes authentication. |
| DeviceAuthorizationStorage | Implements storage for device authorization requests as defined in RFC 8628. Stores requests by device_code (for client polling) with a secondary index by user_code (for user verification). Uses atomic distributed cache operations to prevent race conditions in token issuance. |
| DeviceCodeGenerator | Generates high-entropy device codes for the Device Authorization Grant (RFC 8628). The device code is used by clients to poll the token endpoint. |
| InvalidUserCode | Indicates that the user code was not found or has expired. |
| UserCodeAlreadyUsed | Indicates that the user code has already been used (approved or denied). |
| UserCodeGenerator | Generates user codes for the Device Authorization Grant (RFC 8628). The alphabet used for code generation is configurable to support numeric, alphabetic, or alphanumeric codes. |
| UserCodeNormalizer | Canonicalizes user-entered user codes for the Device Authorization Grant (RFC 8628) following the input-processing guidance in Section 6.1: punctuation added for readability (dashes, spaces) and any other characters outside the configured alphabet are dropped, and case is folded when the alphabet is single-case so that a user typing the equivalent lowercase (or uppercase) form is not rejected. |
| UserCodeRateLimiter | Implements rate limiting for user code verification attempts to prevent brute force attacks. Uses exponential backoff and per-IP rate limiting as recommended by RFC 8628 Section 5.2. |
| UserCodeVerificationResult | Represents the result of a user code verification attempt. This is a discriminated union with three concrete implementations. |
| UserCodeVerificationService | Implements the user code verification service for the Device Authorization Grant flow (RFC 8628). This service handles the verification, approval, and denial of device authorization requests with built-in brute force protection. |
| ValidUserCode | Indicates that the user code was successfully verified and the request is pending authorization. |