/oauth2/device/user
This is the Device flow endpoint for user interaction. Client devices use this endpoint to exchange a user code with consent from the resource owner to access the resources in the following flows:
Client devices use this endpoint to confirm the resource owner’s consent in the following flows:
Specify the realm in the request URL; for example:
https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/device/user
The device user endpoint supports the following parameters:
Parameter | Description | Required |
---|---|---|
The SSO token string linking the request to the user session to protect against Cross-Site Request Forgery attacks. |
Yes, when gathering consent without a remote consent service |
|
Specifies whether the resource owner consents to the requested access. |
Yes, when gathering consent unless consent is already saved for the scope |
|
Specifies whether to store a resource owner’s consented scopes. |
No |
|
The scopes linked to the permissions requested by the client from the resource owner. |
No |
|
|
The user code confirmed by the resource owner. |
Yes |