AM 7.3.1


This is the Device flow endpoint for user interaction. Client devices use this endpoint to exchange a user code with consent from the resource owner to access the resources in the following flows:

Client devices use this endpoint to confirm the resource owner’s consent in the following flows:

Specify the realm in the request URL; for example:

The device user endpoint supports the following parameters:

Parameter Description Required


The SSO token string linking the request to the user session to protect against Cross-Site Request Forgery attacks.

Yes, when gathering consent without a remote consent service


Specifies whether the resource owner consents to the requested access.

Yes, when gathering consent unless consent is already saved for the scope


Specifies whether to store a resource owner’s consented scopes.



The scopes linked to the permissions requested by the client from the resource owner.



The user code confirmed by the resource owner.


Copyright © 2010-2024 ForgeRock, all rights reserved.