Device Authorization Grant with PKCE #9715
cgeorgilakis started this conversation in Ideas
Keycloak already supports Device Authorization Grant and Proof Key for Code Exchange by OAuth Public Clients (PKCE). However, Device Authorization Grant with PKCE is not supported.
The Device Flow is designed for client devices that have limited user interfaces, such as a set-top box. Since the devices are usually public clients and the device code can be intercepted by malicious users, you can combine the Device Flow with the PKCE standard to mitigate against interception attacks if the devices support PKCE.
We believe that Keycloak should implement Device Authorization Grant with PKCE. So, we have made a PR for adding it to Keycloak.
Do you agree? Could you review the PR?
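The combination proposed in the post above, as an added example that is not from the post, the PR or Keycloak: a toy in-memory authorization server (hypothetical `ToyDeviceAS`, client id `tv-app`) that binds an RFC 7636 S256 `code_challenge` to the device code and requires the matching `code_verifier` at the token endpoint. It assumes the challenge is sent with the device authorization request and the verifier with the token request, so a caller holding only the device code gets `invalid_grant`.

```python
import base64, hashlib, hmac, re, secrets

VERIFIER_RE = re.compile(r"[A-Za-z0-9._~-]{43,128}")   # RFC 7636 section 4.1
CHALLENGE_RE = re.compile(r"[A-Za-z0-9_-]{43}")        # unpadded base64url SHA-256

def s256(verifier: str) -> str:
    """RFC 7636 S256 transform: BASE64URL(SHA256(verifier)), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class ToyDeviceAS:
    """Hypothetical in-memory authorization server (constructed, not Keycloak code)."""
    def __init__(self):
        self.grants = {}                               # device_code -> state

    def device_authorization(self, client_id, code_challenge, method="S256"):
        # Refuse 'plain' and malformed challenges so the binding cannot be weakened.
        if method != "S256" or not CHALLENGE_RE.fullmatch(code_challenge or ""):
            return {"error": "invalid_request"}
        device_code, user_code = secrets.token_urlsafe(32), secrets.token_hex(4).upper()
        self.grants[device_code] = {"client_id": client_id, "user_code": user_code, "challenge": code_challenge, "approved": False}
        return {"device_code": device_code, "user_code": user_code}

    def approve(self, user_code):                      # user confirms on a second device
        for grant in self.grants.values():
            if grant["user_code"] == user_code:
                grant["approved"] = True

    def token(self, client_id, device_code, code_verifier=None):
        grant = self.grants.get(device_code)
        if grant is None or grant["client_id"] != client_id:
            return {"error": "invalid_grant"}
        if not grant["approved"]:
            return {"error": "authorization_pending"}
        # The device code alone is not enough: the caller must prove it holds the verifier.
        if not VERIFIER_RE.fullmatch(code_verifier or "") or not hmac.compare_digest(
                s256(code_verifier), grant["challenge"]):
            return {"error": "invalid_grant"}
        del self.grants[device_code]                   # single use
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}

def demo():
    server, verifier = ToyDeviceAS(), secrets.token_urlsafe(48)   # 64-char verifier
    resp = server.device_authorization("tv-app", s256(verifier))
    pending = server.token("tv-app", resp["device_code"], verifier)   # before approval
    server.approve(resp["user_code"])
    stolen = server.token("tv-app", resp["device_code"])              # no verifier
    legit = server.token("tv-app", resp["device_code"], verifier)
    return pending, stolen, legit, server.token("tv-app", resp["device_code"], verifier)
```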