/device_authorization

Start Device Authorization Flow for input-constrained devices.

Prerequisites

  • A client allowed to use device authorization
  • A user-facing verification URI

Method

  • POST /device_authorization

Example Request

curl -X POST https://localhost:5001/device_authorization \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=device-client&scope=openid profile"

Next Step

After receiving a device code, poll /token using the device code grant.

Common Pitfalls

  • Polling /token faster than the returned interval.
  • Displaying the wrong verification URL to the user.

Troubleshooting

  • If polling never completes, verify that the user finished verification in the browser.