I am starting to work on a munging of device authorization and entity permissions so that an IoT device is commissioned using just the device code and entity permissions. Once the code is confirmed, then the entity is authenticated so that the device is given access to the entity with the scopes provided without a user login.
My question is whether this sequence will work. I thought I would pose this question before I get too deep into the solution and to see if an example of it already exists. I was not able to find one.