OpenIdDict - Device Code Flow, how to change user_code length

Question

I'm using OpenIdDict (version 5.0.1) to implement the OAuth 'Device Code Flow'.
The /device endpoint is returning this data:

{
   "device_code": "lyJe_PgWGfOblSS6PhX67hF_ebKjTN1UZeMO3KWtJt0",
   "user_code": "8539-7540-1784",
   "verification_uri": "..."
}

The "user_code" has 12 digits, it is quite long, considering that it must be inserted manually by the user.

I've tried to customize the /device endpoint, but this seems not to be supported by OpenIdDict, as it is possible for example for the /authorize enpoint, using EnableAuthorizationEndpointPassthrough()

options
 .AllowAuthorizationCodeFlow()
 .AllowDeviceCodeFlow();

options.UseAspNetCore()
 .EnableAuthorizationEndpointPassthrough();

I've not found any other options that permits to customize the 'user_code' format.
Is it possible to generate a shorter user_code? for example: "6745-3454"?

Answer 1

I've not found any other options that permits to customize the 'user_code' format. Is it possible to generate a shorter user_code? for example: "6745-3454"?

OpenIddict 5.4.0 introduced the ability to customize the user codes charset, length and display format:

options.SetUserCodeCharset(
[
    "B", "C", "D", "F", "G", "H", "J", "K", "L", "M",
    "N", "P", "Q", "R", "S", "T", "V", "W", "X", "Z"
]);

options.SetUserCodeLength(7);

options.SetUserCodeDisplayFormat("{0}{1} - {2}{3}{4} - {5}{6}");

Note: using a lower length reduces the entropy of the generated user codes and increases chances of seeing collisions.