You should see bounded polling, narrow scopes, clear timeout behaviour, and no token leakage into logs or persistent storage. If the CLI is continuously polling, retaining old tokens, or requesting broad API access for a simple task, the flow has moved outside its intended security boundary.
Why This Matters for Security Teams
device code flow is designed for constrained input devices and headless sign-in paths, not as a general-purpose authentication escape hatch. The boundary matters because once the flow is used for broader CLI automation, shared terminals, or long-lived sessions, the risk profile changes fast: tokens can outlive the task, scopes can widen quietly, and logs can become a leakage path. NHI Management Group notes that 97% of NHIs carry excessive privileges in modern enterprises, which is exactly the kind of drift that turns an intended limited flow into a standing-access problem in practice, as described in the Ultimate Guide to NHIs. The right question is not whether the flow works, but whether it remains narrowly scoped, ephemeral, and observable enough to match its original trust model. Current guidance from the NIST Cybersecurity Framework 2.0 still points teams toward least privilege and continuous control validation, which applies here as much as it does to service accounts. In practice, many security teams encounter device code flow boundary violations only after a CLI has already persisted tokens or expanded permissions during routine automation.
How It Works in Practice
A device code flow stays within its intended boundary when the client only requests the minimum scopes required for a single task, polls at a bounded interval, and stops cleanly when approval or timeout occurs. The authorization server should issue short-lived tokens, and the client should treat those tokens as ephemeral, not as reusable session material. For NHI governance, the important signals are not just successful sign-in, but whether the workload identity remains tied to the specific device, command, or automation context that initiated the flow.
Practitioners usually validate this boundary by checking:
- Whether the polling interval is fixed and rate-limited, rather than continuous or aggressive.
- Whether access tokens and refresh tokens are stored in memory only, with no persistent cache unless explicitly justified.
- Whether scopes are narrow and task-specific, rather than broad API permissions granted “for convenience.”
- Whether logs redact device codes, tokens, and user codes before they leave the host.
- Whether the session expires predictably and forces a new user action instead of silently extending access.
This is where NHI discipline becomes operational. The Ultimate Guide to NHIs emphasises lifecycle control, visibility, and rotation because the same failures that affect API keys also affect device-bound authentication sessions. If the CLI or agent continues to poll after a timeout, retains old tokens, or reuses the same credential material across unrelated tasks, the flow is no longer bounded by its original design. These controls tend to break down in shared automation hosts, long-running developer workstations, and background jobs that reuse cached auth state because the session boundary becomes detached from the original user interaction.
Common Variations and Edge Cases
Tighter device code controls often increase operational friction, requiring organisations to balance user convenience against session containment. That tradeoff is real, especially for developer tooling and hybrid endpoints where repeated sign-in prompts can slow work. Best practice is evolving, but current guidance suggests treating persistent token storage as an exception rather than the default, and only after a clear risk review.
Edge cases usually appear when device code flow is repurposed for workloads it was not meant to serve. For example, a CLI used in CI/CD may look harmless if it only authenticates once, but if it keeps refresh tokens for unattended execution, it has crossed from user-mediated access into durable machine access. That is a boundary problem, not just an implementation detail. Similarly, broad delegated scopes may be acceptable for interactive admin tasks, but they are difficult to justify for a simple read-only command.
Security teams should also watch for token leakage into telemetry, shell history, crash dumps, and support bundles. Those are the places where intended boundaries fail quietly. The same applies to environments with shared workstations or VDI, where cached authentication state may survive beyond the original user session. In these cases, the flow is no longer operating as a constrained bridge between a person and a device, but as a reusable access mechanism with unclear ownership.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Addresses credential lifetime and rotation, central to bounded device code sessions. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access is the key test for whether scopes stay within boundary. |
| NIST AI RMF | AI RMF governance principles apply when agentic CLI workflows use device authentication. |
Define ownership, logging, and approval boundaries for any automated workflow using device code flow.
Related resources from NHI Mgmt Group
- How do you know if AI-generated analytics actions are operating within their intended boundary?
- How do you know if an agent is operating outside its intended boundary?
- How do teams know if an agent is operating outside its intended governance boundary?
- How do security teams know whether an agent is operating inside its intended boundary?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 8, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
