From ed9a983d797f93275c51c0ac366d22ef8bde9c56 Mon Sep 17 00:00:00 2001
From: Raajhesh Kannaa Chidambaram
 <495042+raajheshkannaa@users.noreply.github.com>
Date: Sat, 14 Mar 2026 13:15:57 -0400
Subject: [PATCH] fix: remove stale reference to closed PR #3851

The comment in oauth2/handler.go referenced a discussion on PR #3851
which was closed without merging. The same feature (RFC 8628 Device
Authorization Grant) was later merged via PR #3912. The explanatory
comment remains intact, only the dead link is removed.

Closes #3953
---
 oauth2/handler.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/oauth2/handler.go b/oauth2/handler.go
index 8ccff96b7a..4e2e56a406 100644
--- a/oauth2/handler.go
+++ b/oauth2/handler.go
@@ -758,8 +758,7 @@ func (h *Handler) performOAuth2DeviceVerificationFlow(w http.ResponseWriter, r *
 	// - The device auth session is updated (user_code is marked as accepted)
 	// - The OpenID session is created
 	// If there were multiple flows created for the same user_code then we may end up with multiple flow objects
-	// persisted to the database, while only one of them was actually used to validate the user_code
-	// (see https://github.com/ory/hydra/pull/3851#discussion_r1843678761)
+	// persisted to the database, while only one of them was actually used to validate the user_code.
 	f, err := h.r.ConsentStrategy().HandleOAuth2DeviceAuthorizationRequest(ctx, w, r)
 	if errors.Is(err, consent.ErrAbortOAuth2Request) {
 		x.LogError(r, err, h.r.Logger())