
OAuth2 without a browser?


Is opening a browser to display a login page, which was generated from the site performing the authentication, built into the OAuth2 specification?

My requirements and constraints are going to prevent me from having a browser on the device. However, a request to authenticate the user against Azure Active Directory has been made. They are really looking for the desktop application to have fields in its own GUI for the username and password, and the ability to check if that's a registered user or not.


Solution

  • Is opening a browser to display a login page, which was generated from the site performing the authentication, built into the OAuth2 specification?

    It is related to the specification of the OAuth2 flow being used, not to the OAuth2 specification itself.

    My requirements and constraints are going to prevent me from having a browser on the device.

    That means you can't follow RFC8252 (where that browser is required).

    So your only option is the Resource Owner Flow/Direct Access Grant. But it isn't "secure", because the app will have access to the user's credentials. Other cons: single sign-on won't work, some IDPs may also have problems with multi-factor authentication for this flow, and enterprise security departments usually don't like this flow at all.
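The token request the answer refers to, sketched as an added example (not code from the original answer). It assumes the Azure AD v2.0 token endpoint and a public client; the tenant, client ID and credentials are placeholders, and treating `interaction_required` as the multi-factor signal is an assumption about the IdP's reply.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlencode

# Assumption: Azure AD v2.0 token endpoint; tenant and client_id are placeholders.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def build_ropc_request(tenant, client_id, username, password, scope="openid"):
    """Build the RFC 6749 section 4.3 token request (password grant)."""
    body = urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "scope": scope,
        "username": username,
        "password": password,  # the app handles the raw password here
    }).encode()
    return urllib.request.Request(
        TOKEN_URL.format(tenant=tenant), data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def interpret(status, raw_body):
    """Classify a token endpoint reply as (outcome, detail)."""
    try:
        data = json.loads(raw_body)
    except ValueError:
        return "error", "non-JSON response"
    if not isinstance(data, dict):
        return "error", "unexpected JSON shape"
    if status == 200 and data.get("access_token"):
        return "authenticated", data.get("token_type", "Bearer")
    err = data.get("error", "unknown_error")
    if err == "interaction_required":
        # Assumption: the IdP wants MFA or consent, which this flow cannot show.
        return "needs_browser", err
    if err == "invalid_grant":
        # RFC 6749: the supplied credentials were not accepted.
        return "rejected", err
    return "error", err

def sign_in(tenant, client_id, username, password):
    """POST the credentials once and return only the classified outcome."""
    req = build_ropc_request(tenant, client_id, username, password)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as exc:  # 4xx replies carry the OAuth error JSON
        return interpret(exc.code, exc.read())
```

Only `sign_in` touches the network; the GUI should pass the password straight to it and keep nothing but the returned outcome.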