Skip to main content

Documentation Index

Fetch the complete documentation index at: https://auth0-feat-authentication-api-migration.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

POST /oauth/device/code This flow is designed for input-constrained devices to access an API. Use this endpoint to obtain a device code that allows the user to authorize the device.

Request Example

POST https://{yourDomain}/oauth/device/code
Content-Type: application/x-www-form-urlencoded

client_id=${account.clientId}&scope=SCOPE&audience=API_IDENTIFIER

Response Values

ValueDescription
device_codeThe unique code for the device.
user_codeThe code the user must input to authorize the device.
verification_uriThe URL the user should visit to authorize the device.
verification_uri_completeThe complete URL including the user code for easy access.
expires_inThe lifetime of the device and user codes in seconds.
intervalThe polling interval in seconds to request a token.

Remarks

  • Include offline_access in the scope to obtain a Refresh Token.
  • Use the returned device code to request an access token from the token endpoint.

Token Request Example

POST https://{yourDomain}/oauth/token
Content-Type: application/x-www-form-urlencoded

client_id=${account.clientId}&device_code=YOUR_DEVICE_CODE&grant_type=urn:ietf:params:oauth:grant-type:device_code

Responses

200

A successful request returns an access token. 
HTTP/1.1 200 OK
Content-Type: application/json
{
   "access_token": "eyJz93a...k4laUWw",
   "id_token": "eyJ...0NE",
   "refresh_token": "eyJ...MoQ",
   "expires_in": 86400,
   "token_type": "Bearer"
}

Error Responses

HTTP/1.1 403 Forbidden
Content-Type: application/json
{ "error": "authorization_pending", "error_description": "User has yet to authorize device code." }

HTTP/1.1 429 Too Many Requests
Content-Type: application/json
{ "error": "slow_down", "error_description": "You are polling faster than the specified interval of 5 seconds." }

HTTP/1.1 403 Forbidden
Content-Type: application/json
{ "error": "access_denied", "error_description": "User cancelled the confirmation prompt." }

Learn More

Parameters

client_id
string
required
Your application’s ID.
scope
string
The scopes for which you want to request authorization.
audience
string
The unique identifier of the target API you want to access.
resource
string
The identifier of the target API (resource server) you want to access. Must match an API Identifier registered in your Auth0 tenant. Used as an alternative to audience when the tenant’s Resource Parameter Compatibility Profile is set to compatibility.

Response

StatusDescription
200Returns device and user codes.