Identity Cloud

/oauth2/device/code

Client devices use this endpoint in the following flows to get the codes and information required to obtain the resource owner’s consent for device access:

Specify the realm in the request URL; for example:

https://<tenant-env-fqdn>/am/oauth2/realms/root/realms/alpha/device/code

The device code endpoint supports the following parameters:

Parameter Description Required

acr_values

The OpenID Connect authentication context class reference values.

Yes, if required by the OpenID Connect provider

claims

The user attributes to be returned in the ID token.

No

client_id

Uniquely identifies the application making the request.

Yes

code_challenge

The code verifier generated for the PKCE flow.

Yes, for the Authorization code grant with PKCE flow

code_challenge_method

The method to derive the code challenge.

Yes, when the code_challenge is hashed (recommended)

login_hint

String value that can be set to the ID the user uses to log in.

No

nonce

String value that associates the client session with the ID token.

No

prompt

Specifies whether to prompt the end user for authentication and consent.

No

scope

The scopes linked to the permissions requested by the client from the resource owner.

No

state

The value to maintain state between the request and the callback.

No, but strongly recommended

ui_locales

The end user’s preferred languages for the user interface.

No

Copyright © 2010-2024 ForgeRock, all rights reserved.