Add deviceAuthorization field to OAuthFlows object (OpenAPI 3.2.0)

[Copilot]

Overview

Implements the new deviceAuthorization field for the OpenApiOAuthFlows object as defined in the OpenAPI 3.2.0 specification.

Changes

Core Implementation

• Added DeviceAuthorization property to OpenApiOAuthFlows class for configuring the OAuth Device Authorization flow
• Added DeviceAuthorization constant to OpenApiConstants for consistent field naming
• Updated copy constructor to properly clone the DeviceAuthorization property

Serialization

The implementation handles version-specific serialization:

OpenAPI 3.2+: Serializes as a standard field

{
  "deviceAuthorization": {
    "tokenUrl": "https://example.com/token",
    "scopes": { ... }
  }
}

OpenAPI 3.1 and 3.0: Serializes as an extension for backward compatibility

{
  "x-oai-deviceAuthorization": {
    "tokenUrl": "https://example.com/token",
    "scopes": { ... }
  }
}

Deserialization

• V32 deserializer: Reads deviceAuthorization as a standard field
• V31 and V3 deserializers: Read x-oai-deviceAuthorization extension and populate the DeviceAuthorization property

This approach follows the same pattern used for other OpenAPI 3.2-specific fields like $self in OpenApiDocument.

Testing

Added comprehensive serialization tests covering:

• OpenAPI 3.2 (standard field)
• OpenAPI 3.1 (x-oai- extension)
• OpenAPI 3.0 (x-oai- extension)

All existing tests continue to pass (904 + 331 + 54 tests).

API Changes

Updated the public API export with:

• OpenApiConstants.DeviceAuthorization constant
• OpenApiOAuthFlows.DeviceAuthorization property

Fixes #[issue number]

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• example.org926f4f21-88e7-4dc5-bf88-6c529bb77844
  • Triggering command: /usr/share/dotnet/dotnet exec --runtimeconfig /home/REDACTED/work/OpenAPI.NET/OpenAPI.NET/test/Microsoft.OpenApi.Hidi.Tests/bin/Debug/net8.0/Microsoft.OpenApi.Hidi.Tests.runtimeconfig.json --depsfile /home/REDACTED/work/OpenAPI.NET/OpenAPI.NET/test/Microsoft.OpenApi.Hidi.Tests/bin/Debug/net8.0/Microsoft.OpenApi.Hidi.Tests.deps.json /home/REDACTED/work/OpenAPI.NET/OpenAPI.NET/test/Microsoft.OpenApi.Hidi.Tests/bin/Debug/net8.0/testhost.dll --port 36503 --endpoint 127.0.0.1:036503 --role client --parentprocessid 23628 --telemetryoptedin false (dns block)
• https://api.github.com/repos/BinkyLabs/BinkyLabs%2FOpenAPI.NET/languages
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>OAuthFlows - new field deviceAuthorization</issue_title>
<issue_description>OAI 3.2.0 defines a new field on the flows object deviceAuthorization (OpenAPIOauthFlow?)

We should add the new field, and implement serialization/deserialization for it.

For OpenAPI 3.1.0, we should serialize with an x-oai- prefix to make it an extension</issue_description>

<agent_instructions>make sure to update the public api export</agent_instructions>

Comments on the Issue (you are @copilot in this section)

Fixes #14

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.