/oauth2/device/user

This is the Device flow endpoint for user interaction. Client devices use this endpoint to exchange a user code with consent from the resource owner to access the resources in the following flows:

Client devices use this endpoint to confirm the resource owner’s consent in the following flows:

Device flow (OAuth 2.0)
Device flow with PKCE (OAuth 2.0)

Specify the realm in the request URL; for example:

https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/device/user

The device user endpoint supports the following parameters:

Parameter Description Required

Parameter	Description	Required
`csrf`	The SSO token string linking the request to the user session to protect against Cross-Site Request Forgery attacks.	Yes, when gathering consent without a remote consent service
`decision`	Specifies whether the resource owner consents to the requested access.	Yes, when gathering consent unless consent is already saved for the scope
`save_consent`	Specifies whether to store a resource owner’s consented scopes.	No
`scope`	The scopes linked to the permissions requested by the client from the resource owner.	No
`user_code`	The user code confirmed by the resource owner.	Yes

csrf

The SSO token string linking the request to the user session to protect against Cross-Site Request Forgery attacks.

Yes, when gathering consent without a remote consent service

decision

Specifies whether the resource owner consents to the requested access.

Yes, when gathering consent unless consent is already saved for the scope

save_consent

Specifies whether to store a resource owner’s consented scopes.

scope

The scopes linked to the permissions requested by the client from the resource owner.

user_code

The user code confirmed by the resource owner.