/oauth2/device/user

This is the Device authorization grant endpoint for user interaction.

Client devices use this endpoint to confirm the resource owner’s consent in the following flows:

Specify the realm in the request URL; for example:

https://<tenant-env-fqdn>/am/oauth2/realms/root/realms/alpha/device/user

The device user endpoint supports the following parameters:

Parameter Description Required

Parameter	Description	Required
`csrf`	The SSO token string linking the request to the user session to protect against Cross-Site Request Forgery attacks.	Yes, when gathering consent without a remote consent service
`decision`	Specifies whether the resource owner consents to the requested access.	Yes, when gathering consent unless consent is already saved for the scope
`save_consent`	Specifies whether to store a resource owner’s consented scopes.	No
`scope`	The scopes linked to the permissions requested by the client from the resource owner.	No
`user_code`	The user code confirmed by the resource owner.	Yes

The SSO token string linking the request to the user session to protect against Cross-Site Request Forgery attacks.

Yes, when gathering consent without a remote consent service

Specifies whether the resource owner consents to the requested access.

Yes, when gathering consent unless consent is already saved for the scope

Specifies whether to store a resource owner’s consented scopes.

The scopes linked to the permissions requested by the client from the resource owner.

user_code

The user code confirmed by the resource owner.

Yes